Hi, my computer takes about 5 minutes to start up and ZoneAlarm is acting up (when it scans the disks I have to allow every file). HJT output:
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c99416ab1db714) (gupdate1c99416ab1db714) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8388 bytes
Thanks a lot for any advice
Log check, need help pls [Solved]
- jaro3
- Security team member
Re: Log check, need help pls
That HJT log isn't complete, the beginning is missing.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Don't send logs via private messages. While I'm away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check, need help pls
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:29, on 4.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/checkupdatew ... l&OEM=1043
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c99416ab1db714) (gupdate1c99416ab1db714) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8075 bytes
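As an added example (not code from this thread or from HijackThis), a small Python triage script for the entry types in the log above: it flags search-provider keys that point away from the browser default, orphaned URLSearchHook and browser-extension entries, and services listed with no publisher. The sample lines are constructed in the shape of the posted log (the ask.com URL is kept truncated exactly as the forum displayed it), and go.microsoft.com as the expected default search host is an assumption.

```python
"""Triage a HijackThis log for the indicator types discussed in this thread.

Added example, not code from the thread. Sample lines are constructed in the
shape of the posted log; the ask.com URL is kept truncated as the forum showed it.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Host the IE default-search keys are expected to point at (assumption for this log).
EXPECTED_SEARCH_HOSTS = {"go.microsoft.com"}

SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HJT entry starts with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str, expected_search_hosts=EXPECTED_SEARCH_HOSTS) -> list:
    """Return the entries a reviewer would look at first, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # headers, the process list, the "End of file" line
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            # Only search-related values: Main,Default_Search_URL / Search,... / SearchURL,(Default)
            if "search" in key.lower():
                host = urlparse(value.strip()).hostname or ""
                if host not in expected_search_hosts:
                    findings.append(Finding(sec, f"search provider redirected to {host}", raw))
        elif sec == "R3":
            if body.endswith("(no file)"):
                findings.append(Finding(sec, "URLSearchHook with no backing file (orphan entry)", raw))
            else:
                findings.append(Finding(sec, "third-party URLSearchHook, review the DLL", raw))
        elif sec in ("O2", "O9"):
            if body.endswith("(file missing)"):
                findings.append(Finding(sec, "extension entry whose file is gone (orphan entry)", raw))
        elif sec == "O23":
            if " - Unknown owner - " in body:
                findings.append(Finding(sec, "service with no publisher information", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

A flagged entry is a review prompt, not a verdict: the Samsung service with no publisher string is legitimate software on this machine, whereas the ask.com search keys are what the later MBAM log reports as a search hijack.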
- jaro3
- Security team member
Re: Log check, need help pls
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message will appear, click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
Re: Log check, need help pls
MBAM log:
Malwarebytes' Anti-Malware 1.36
Verze databáze: 2098
Windows 5.1.2600 Service Pack 2
9.5.2009 10:18:21
mbam-log-2009-05-09 (10-18-04).txt
Typ skenu: Rychlý sken
Objektu skenováno: 75562
Uplynulý cas: 6 minute(s), 44 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 5
Infikované hodnoty registru: 2
Infikované položky dat registru: 2
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d311c486-7d5f-4d73-b791-ee56c47d3b2e} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffffffff-b432-46fc-9143-b82b832b1b14} (Spyware.Banker) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bpeb (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
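As an added example (not code from this thread or from Malwarebytes), a Python parser for the per-object detection lines of the MBAM 1.x log above. It keys on the "-> action." structure rather than the localized section headers, separates detections that are still only reported ("No action taken", the scan-only run requested above) from ones already acted on, and pulls the Bad/Good URLs out of the Hijack.Search data entries. The sample is constructed in the shape of the posted log.

```python
"""Parse per-object detection lines from a Malwarebytes' Anti-Malware 1.x log.

Added example, not code from the thread. The sample is constructed in the shape
of the posted log; the section headers are the log's own (localized) text.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

SAMPLE_MBAM = r"""
Infikované klíce registru:
HKEY_CLASSES_ROOT\fdkowvbp.bpeb (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
Infikované položky dat registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> No action taken.
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
"""

# "<object> (<family>) [-> Bad: (<url>) Good: (<url>)] -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<family>[A-Za-z0-9._]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    obj: str
    family: str
    action: str
    bad: Optional[str] = None
    good: Optional[str] = None


def parse_detections(log_text: str) -> list:
    """One Detection per reported object; headers and 'nothing found' lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            out.append(Detection(m["obj"], m["family"], m["action"], m["bad"], m["good"]))
    return out


def pending(dets) -> list:
    """Objects the scan only reported; a removal run shows a different action text."""
    return [d for d in dets if d.action == "No action taken"]


def search_hijacks(dets) -> list:
    """(registry value, hijacked host, expected host) for every Hijack.Search data entry."""
    return [
        (d.obj, urlparse(d.bad).hostname, urlparse(d.good).hostname)
        for d in dets
        if d.family == "Hijack.Search" and d.bad and d.good
    ]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_MBAM)
    print(f"{len(dets)} detections, {len(pending(dets))} still pending removal")
    for value, bad_host, good_host in search_hijacks(dets):
        print(f"search hijack in {value}: {bad_host} (expected {good_host})")
```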
- jaro3
- Security team member
Re: Log check, need help pls
So run MbAM again and click Scan
- when the program finishes a message will appear, click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when the removal finishes a log will appear, post it here.
- then click OK in the program and close it via Exit
You can then paste the MbAM log here.
Disable Spybot + ZoneAlarm (then get yourself an antivirus).
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launching, the terms of use will appear; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, don't click inside the window that appears
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: Log check, need help pls
Log output
ComboFix 09-05-08.03 - Tomas 10.05.2009 11:14.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.665 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*
* Vytvořen nový Bod Obnovení
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-10 do 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-09 08:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 08:08 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 08:08 . 2009-05-09 08:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-04 09:19 . 2009-05-04 09:19 39424 ----a-w c:\windows\system32\winrkq32.dll
2009-04-11 17:03 . 1998-07-12 22:00 21504 ----a-w c:\windows\system32\TABCTFR.DLL
2009-04-11 17:03 . 1998-07-12 22:00 59904 ----a-w c:\windows\system32\Mscc2fr.dll
2009-04-11 17:03 . 1998-07-12 23:00 20992 ----a-w c:\windows\system32\CMCT2FR.DLL
2009-04-11 17:03 . 2009-04-28 18:10 -------- d-----w c:\program files\Ipod Video Converter
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 09:16 . 2007-04-05 19:32 74516768 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-10 08:49 . 2001-10-25 14:00 73236 ----a-w c:\windows\system32\perfc005.dat
2009-05-10 08:49 . 2001-10-25 14:00 398472 ----a-w c:\windows\system32\perfh005.dat
2009-05-09 18:36 . 2007-04-05 19:32 1000928 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 08:03 . 2007-04-05 19:29 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-05-04 08:30 . 2009-05-04 08:30 81019 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_05_04_10_23_21_small.dmp.zip
2009-05-03 13:11 . 2007-04-05 19:24 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-03 05:12 . 2009-05-03 05:14 132608 ----a-w c:\windows\Internet Logs\xDBAD.tmp
2009-05-03 05:12 . 2009-05-03 05:14 2577920 ----a-w c:\windows\Internet Logs\xDBAE.tmp
2009-04-29 14:35 . 2009-04-29 14:36 288768 ----a-w c:\windows\Internet Logs\xDBAB.tmp
2009-04-29 14:35 . 2009-04-29 14:36 2575872 ----a-w c:\windows\Internet Logs\xDBAC.tmp
2009-04-28 05:46 . 2009-04-28 05:47 2573312 ----a-w c:\windows\Internet Logs\xDBAA.tmp
2009-04-25 10:47 . 2009-04-25 10:49 2566656 ----a-w c:\windows\Internet Logs\xDBA9.tmp
2009-04-25 08:34 . 2009-04-25 08:35 537088 ----a-w c:\windows\Internet Logs\xDBA7.tmp
2009-04-25 08:34 . 2009-04-25 08:35 2560000 ----a-w c:\windows\Internet Logs\xDBA8.tmp
2009-04-23 08:57 . 2009-04-23 08:59 204800 ----a-w c:\windows\Internet Logs\xDBA5.tmp
2009-04-23 08:57 . 2009-04-23 08:59 2553856 ----a-w c:\windows\Internet Logs\xDBA6.tmp
2009-04-22 15:45 . 2009-04-22 15:47 2552320 ----a-w c:\windows\Internet Logs\xDBA4.tmp
2009-04-22 11:22 . 2009-04-22 11:23 2551808 ----a-w c:\windows\Internet Logs\xDBA3.tmp
2009-04-22 08:22 . 2009-04-22 08:23 2551296 ----a-w c:\windows\Internet Logs\xDBA2.tmp
2009-04-21 14:05 . 2009-04-21 14:06 2550272 ----a-w c:\windows\Internet Logs\xDBA1.tmp
2009-04-21 14:05 . 2009-04-21 14:06 91648 ----a-w c:\windows\Internet Logs\xDBA0.tmp
2009-04-20 12:08 . 2009-04-20 12:09 43008 ----a-w c:\windows\Internet Logs\xDB9E.tmp
2009-04-20 12:07 . 2009-04-20 12:09 2548736 ----a-w c:\windows\Internet Logs\xDB9F.tmp
2009-04-20 05:21 . 2009-04-20 05:23 2548224 ----a-w c:\windows\Internet Logs\xDB9D.tmp
2009-04-20 05:21 . 2009-04-20 05:23 55296 ----a-w c:\windows\Internet Logs\xDB9C.tmp
2009-04-19 14:08 . 2009-04-19 14:10 199168 ----a-w c:\windows\Internet Logs\xDB9B.tmp
2009-04-17 16:50 . 2009-04-17 16:51 2542592 ----a-w c:\windows\Internet Logs\xDB9A.tmp
2009-04-17 16:50 . 2009-04-17 16:51 284672 ----a-w c:\windows\Internet Logs\xDB99.tmp
2009-04-15 12:45 . 2009-04-15 12:46 2531840 ----a-w c:\windows\Internet Logs\xDB98.tmp
2009-04-15 11:18 . 2009-04-15 11:20 2531328 ----a-w c:\windows\Internet Logs\xDB97.tmp
2009-04-14 13:04 . 2009-04-14 13:06 47616 ----a-w c:\windows\Internet Logs\xDB95.tmp
2009-04-14 13:04 . 2009-04-14 13:06 2530304 ----a-w c:\windows\Internet Logs\xDB96.tmp
2009-04-13 18:10 . 2009-04-13 18:12 2529792 ----a-w c:\windows\Internet Logs\xDB94.tmp
2009-04-13 18:10 . 2009-04-13 18:12 848896 ----a-w c:\windows\Internet Logs\xDB93.tmp
2009-04-11 08:15 . 2009-04-11 08:16 2518528 ----a-w c:\windows\Internet Logs\xDB92.tmp
2009-04-07 18:18 . 2008-02-10 10:36 -------- d-----w c:\program files\Google
2009-04-06 17:42 . 2009-04-06 17:42 -------- d-----w c:\program files\AskSearch
2009-04-06 17:42 . 2009-04-06 17:28 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-06 17:41 . 2009-04-06 17:41 -------- d-----w c:\program files\DVDVideoSoft
2009-04-06 17:21 . 2009-04-06 17:15 -------- d-----w c:\program files\Free CENZURA Converter
2009-04-02 17:54 . 2009-04-03 06:20 2150400 ----a-w c:\windows\Internet Logs\xDB91.tmp
2009-03-28 17:54 . 2008-09-02 11:06 -------- d-----w c:\program files\VisualSubSync
2009-03-23 11:23 . 2009-01-05 15:16 -------- d-----w c:\program files\Clarus
2009-03-23 11:23 . 2007-04-05 19:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 06:18 . 2006-06-13 10:45 28761338 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-16 06:18 . 2008-04-20 15:23 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 18:48 . 2008-07-12 18:07 -------- d-----w c:\program files\ICQ6
2009-03-05 15:53 . 2009-03-05 15:57 2344448 ----a-w c:\windows\Internet Logs\xDB90.tmp
2009-03-04 19:07 . 2009-03-05 13:00 1609216 ----a-w c:\windows\Internet Logs\xDB8F.tmp
2009-02-15 11:16 . 2009-02-15 16:04 2455040 ----a-w c:\windows\Internet Logs\xDB8E.tmp
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Google Update"="c:\documents and settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2009-3-23 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2009-3-23 81920]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2009-3-23 94208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17161:TCP"= 17161:TCP:BitComet 17161 TCP
"17161:UDP"= 17161:UDP:BitComet 17161 UDP
"17613:TCP"= 17613:TCP:BitComet 17613 TCP
"17613:UDP"= 17613:UDP:BitComet 17613 UDP
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [5.4.2007 21:07 210304]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [5.1.2009 17:16 11520]
R1 mvd17;mvd17;c:\program files\Clarus\Samsung SecretZone\mvd17.sys [5.1.2009 17:16 60288]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [5.1.2009 17:16 102400]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
R3 PAC7302;Messenger 310;c:\windows\system32\drivers\PAC7302.SYS [14.6.2007 18:34 457856]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [5.4.2007 21:08 28672]
S2 gupdate1c99416ab1db714;Google Update Service (gupdate1c99416ab1db714);c:\program files\Google\Update\GoogleUpdate.exe [21.2.2009 13:22 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4BE0CF3-C203-960F-6F4A-6CA2ED515149}]
c:\program files\MSXML43\setup.exe s
.
Obsah adresáře 'Naplánované úlohy'
2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 14:53]
2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-05-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 16:08]
2009-05-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/checkupdatew ... l&OEM=1043
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 11:16
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1040)
c:\windows\system32\msi.dll
.
Celkový čas: 2009-05-10 11:17
ComboFix-quarantined-files.txt 2009-05-10 09:17
Před spuštěním: 1 596 694 528
Po spuštění: 1 625 812 992
180 --- E O F --- 2008-12-05 15:03
- jaro3
- member of the Security team
Re: Log check, need help pls
So let's clean up the remaining infections and the leftovers from Kaspersky.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire text highlighted in green below into it:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
File::
c:\windows\system32\winrkq32.dll
c:\windows\system32\TABCTFR.DLL
c:\windows\system32\Mscc2fr.dll
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\Internet Logs\xDBAD.tmp
c:\windows\Internet Logs\xDBAE.tmp
c:\windows\Internet Logs\xDBAB.tmp
c:\windows\Internet Logs\xDBAC.tmp
c:\windows\Internet Logs\xDBAA.tmp
c:\windows\Internet Logs\xDBA9.tmp
c:\windows\Internet Logs\xDBA7.tmp
c:\windows\Internet Logs\xDBA8.tmp
c:\windows\Internet Logs\xDBA5.tmp
c:\windows\Internet Logs\xDBA6.tmp
c:\windows\Internet Logs\xDBA4.tmp
c:\windows\Internet Logs\xDBA3.tmp
c:\windows\Internet Logs\xDBA2.tmp
c:\windows\Internet Logs\xDBA1.tmp
c:\windows\Internet Logs\xDBA0.tmp
c:\windows\Internet Logs\xDB9E.tmp
c:\windows\Internet Logs\xDB9F.tmp
c:\windows\Internet Logs\xDB9D.tmp
c:\windows\Internet Logs\xDB9C.tmp
c:\windows\Internet Logs\xDB9B.tmp
c:\windows\Internet Logs\xDB9A.tmp
c:\windows\Internet Logs\xDB99.tmp
c:\windows\Internet Logs\xDB98.tmp
c:\windows\Internet Logs\xDB97.tmp
c:\windows\Internet Logs\xDB95.tmp
c:\windows\Internet Logs\xDB96.tmp
c:\windows\Internet Logs\xDB94.tmp
c:\windows\Internet Logs\xDB93.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB91.tmp
c:\windows\Internet Logs\xDB90.tmp
c:\windows\Internet Logs\xDB8F.tmp
c:\windows\Internet Logs\xDB8E.tmp
G:\Autorun.exe
c:\windows\system32\drivers\p17filt.sys
Driver::
p17filt
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Test this on VirusTotal:
c:\program files\MSXML43\setup.exe
Then paste the link to the result here.
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
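Before a CFScript like the one above is run, a reviewer can cross-check its Driver:: and File:: entries against the R*/S* driver and service lines of the ComboFix log it was written from; in this thread the script removes p17filt, which the log lists as a running (R3) driver, and the poster reports losing sound afterwards. The following Python is an added example, not part of the forum post or of ComboFix; it assumes the directive semantics visible in the thread (File:: deletes the listed files, Driver:: removes the named service) and uses entries copied from the posted script and log.

```python
"""Cross-check a ComboFix CFScript against the driver/service lines of a
ComboFix log before the script is run, so that removal of a driver that was
active when the log was taken is noticed in advance (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# CFScript entries as posted in the thread (shortened to the relevant ones).
CFSCRIPT = r"""KillAll::
File::
c:\windows\system32\winrkq32.dll
c:\windows\system32\drivers\p17filt.sys
Driver::
p17filt
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
"""

# Driver/service lines copied from the ComboFix log in the thread. "R" means the
# service was running when the log was taken, "S" that it was stopped; the digit
# is the start type (0 boot, 1 system, 2 auto, 3 manual); "[?]" means no image stat.
COMBOFIX_LOG = r"""R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [5.4.2007 21:07 210304]
R3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20.3.2006 18:34 1452032]
R3 PAC7302;Messenger 310;c:\windows\system32\drivers\PAC7302.SYS [14.6.2007 18:34 457856]
S2 gupdate1c99416ab1db714;Google Update Service (gupdate1c99416ab1db714);c:\program files\Google\Update\GoogleUpdate.exe [21.2.2009 13:22 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")


@dataclass
class Service:
    name: str
    description: str
    image: str
    running: bool
    start_type: int
    size: Optional[int]  # None when the log shows "[?]"


@dataclass
class Finding:
    directive: str   # "Driver" or "File"
    entry: str       # the script line that matched
    service: Service


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {directive: [entries]}; text before the first header is ignored."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(log: str) -> Dict[str, Service]:
    """Collect the R*/S* driver and service lines of a ComboFix log, keyed by lower-cased name."""
    services: Dict[str, Service] = {}
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, desc, image, meta = m.groups()
        tokens = meta.split()
        size = int(tokens[-1]) if tokens and tokens[-1].isdigit() else None
        services[name.lower()] = Service(name, desc, image, state == "R", int(start), size)
    return services


def review(script_text: str, log_text: str) -> List[Finding]:
    """Return every Driver:: or File:: entry that targets a service listed in the log."""
    script = parse_cfscript(script_text)
    services = parse_services(log_text)
    by_image = {s.image.lower(): s for s in services.values()}
    findings: List[Finding] = []
    for name in script.get("Driver", []):
        if name.lower() in services:
            findings.append(Finding("Driver", name, services[name.lower()]))
    for path in script.get("File", []):
        if path.lower() in by_image:
            findings.append(Finding("File", path, by_image[path.lower()]))
    return findings


if __name__ == "__main__":
    for f in review(CFSCRIPT, COMBOFIX_LOG):
        s = f.service
        print(f"{f.directive}:: {f.entry} -> {s.name} ({s.description}), "
              f"{'RUNNING' if s.running else 'stopped'}, start type {s.start_type}, size {s.size}")
```

Any RUNNING hit in the output is the entry to double-check (what the driver belongs to, whether the image is signed) before the script is dropped onto ComboFix.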
Re: Log check, need help pls
Well, I put those green files into ComboFix. BUT NOW MY SOUND HAS STOPPED WORKING. What do I do about it?
The log is here:
ComboFix 09-05-08.03 - Tomas 11.05.2009 14:16.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.767 [GMT 2:00]
Spuštěný z: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\Internet Logs\xDB8E.tmp
c:\windows\Internet Logs\xDB8F.tmp
c:\windows\Internet Logs\xDB90.tmp
c:\windows\Internet Logs\xDB91.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB93.tmp
c:\windows\Internet Logs\xDB94.tmp
c:\windows\Internet Logs\xDB95.tmp
c:\windows\Internet Logs\xDB96.tmp
c:\windows\Internet Logs\xDB97.tmp
c:\windows\Internet Logs\xDB98.tmp
c:\windows\Internet Logs\xDB99.tmp
c:\windows\Internet Logs\xDB9A.tmp
c:\windows\Internet Logs\xDB9B.tmp
c:\windows\Internet Logs\xDB9C.tmp
c:\windows\Internet Logs\xDB9D.tmp
c:\windows\Internet Logs\xDB9E.tmp
c:\windows\Internet Logs\xDB9F.tmp
c:\windows\Internet Logs\xDBA0.tmp
c:\windows\Internet Logs\xDBA1.tmp
c:\windows\Internet Logs\xDBA2.tmp
c:\windows\Internet Logs\xDBA3.tmp
c:\windows\Internet Logs\xDBA4.tmp
c:\windows\Internet Logs\xDBA5.tmp
c:\windows\Internet Logs\xDBA6.tmp
c:\windows\Internet Logs\xDBA7.tmp
c:\windows\Internet Logs\xDBA8.tmp
c:\windows\Internet Logs\xDBA9.tmp
c:\windows\Internet Logs\xDBAA.tmp
c:\windows\Internet Logs\xDBAB.tmp
c:\windows\Internet Logs\xDBAC.tmp
c:\windows\Internet Logs\xDBAD.tmp
c:\windows\Internet Logs\xDBAE.tmp
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\p17filt.sys
c:\windows\system32\Mscc2fr.dll
c:\windows\system32\TABCTFR.DLL
c:\windows\system32\winrkq32.dll
G:\Autorun.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\xDB8E.tmp
c:\windows\Internet Logs\xDB8F.tmp
c:\windows\Internet Logs\xDB90.tmp
c:\windows\Internet Logs\xDB91.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB93.tmp
c:\windows\Internet Logs\xDB94.tmp
c:\windows\Internet Logs\xDB95.tmp
c:\windows\Internet Logs\xDB96.tmp
c:\windows\Internet Logs\xDB97.tmp
c:\windows\Internet Logs\xDB98.tmp
c:\windows\Internet Logs\xDB99.tmp
c:\windows\Internet Logs\xDB9A.tmp
c:\windows\Internet Logs\xDB9B.tmp
c:\windows\Internet Logs\xDB9C.tmp
c:\windows\Internet Logs\xDB9D.tmp
c:\windows\Internet Logs\xDB9E.tmp
c:\windows\Internet Logs\xDB9F.tmp
c:\windows\Internet Logs\xDBA0.tmp
c:\windows\Internet Logs\xDBA1.tmp
c:\windows\Internet Logs\xDBA2.tmp
c:\windows\Internet Logs\xDBA3.tmp
c:\windows\Internet Logs\xDBA4.tmp
c:\windows\Internet Logs\xDBA5.tmp
c:\windows\Internet Logs\xDBA6.tmp
c:\windows\Internet Logs\xDBA7.tmp
c:\windows\Internet Logs\xDBA8.tmp
c:\windows\Internet Logs\xDBA9.tmp
c:\windows\Internet Logs\xDBAA.tmp
c:\windows\Internet Logs\xDBAB.tmp
c:\windows\Internet Logs\xDBAC.tmp
c:\windows\Internet Logs\xDBAD.tmp
c:\windows\Internet Logs\xDBAE.tmp
c:\windows\system32\drivers\p17filt.sys
c:\windows\system32\Mscc2fr.dll
c:\windows\system32\TABCTFR.DLL
c:\windows\system32\winrkq32.dll
c:\windows\system32\drivers\fidbox.dat . . . . nemohl být smazán
c:\windows\system32\drivers\fidbox.idx . . . . nemohl být smazán
G:\Autorun.exe . . . . nemohl být smazán
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_p17filt
((((((((((((((((((((((((( Soubory vytvořené od 2009-04-11 do 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-11 12:21 . 2009-05-11 12:24 263456 ----a-w c:\windows\system32\drivers\fidbox.dat
2009-05-10 09:34 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-10 09:34 . 2009-05-10 09:34 -------- d-----w c:\program files\Panda Security
2009-05-09 08:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 08:08 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 08:08 . 2009-05-09 08:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 17:03 . 1998-07-12 23:00 20992 ----a-w c:\windows\system32\CMCT2FR.DLL
2009-04-11 17:03 . 2009-04-28 18:10 -------- d-----w c:\program files\Ipod Video Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 12:21 . 2009-05-11 12:21 32 ------w c:\windows\system32\drivers\fidbox.idx
2009-05-11 11:30 . 2001-10-25 14:00 73236 ----a-w c:\windows\system32\perfc005.dat
the log is here:
ComboFix 09-05-08.03 - Tomas 11.05.2009 14:16.2 - NTFSx86
System: Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.767 [GMT 2:00]
Running from: c:\documents and settings\Tomas\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Tomas\Plocha\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
FILE ::
c:\windows\Internet Logs\xDB8E.tmp
c:\windows\Internet Logs\xDB8F.tmp
c:\windows\Internet Logs\xDB90.tmp
c:\windows\Internet Logs\xDB91.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB93.tmp
c:\windows\Internet Logs\xDB94.tmp
c:\windows\Internet Logs\xDB95.tmp
c:\windows\Internet Logs\xDB96.tmp
c:\windows\Internet Logs\xDB97.tmp
c:\windows\Internet Logs\xDB98.tmp
c:\windows\Internet Logs\xDB99.tmp
c:\windows\Internet Logs\xDB9A.tmp
c:\windows\Internet Logs\xDB9B.tmp
c:\windows\Internet Logs\xDB9C.tmp
c:\windows\Internet Logs\xDB9D.tmp
c:\windows\Internet Logs\xDB9E.tmp
c:\windows\Internet Logs\xDB9F.tmp
c:\windows\Internet Logs\xDBA0.tmp
c:\windows\Internet Logs\xDBA1.tmp
c:\windows\Internet Logs\xDBA2.tmp
c:\windows\Internet Logs\xDBA3.tmp
c:\windows\Internet Logs\xDBA4.tmp
c:\windows\Internet Logs\xDBA5.tmp
c:\windows\Internet Logs\xDBA6.tmp
c:\windows\Internet Logs\xDBA7.tmp
c:\windows\Internet Logs\xDBA8.tmp
c:\windows\Internet Logs\xDBA9.tmp
c:\windows\Internet Logs\xDBAA.tmp
c:\windows\Internet Logs\xDBAB.tmp
c:\windows\Internet Logs\xDBAC.tmp
c:\windows\Internet Logs\xDBAD.tmp
c:\windows\Internet Logs\xDBAE.tmp
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
c:\windows\system32\drivers\p17filt.sys
c:\windows\system32\Mscc2fr.dll
c:\windows\system32\TABCTFR.DLL
c:\windows\system32\winrkq32.dll
G:\Autorun.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Internet Logs\xDB8E.tmp
c:\windows\Internet Logs\xDB8F.tmp
c:\windows\Internet Logs\xDB90.tmp
c:\windows\Internet Logs\xDB91.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB93.tmp
c:\windows\Internet Logs\xDB94.tmp
c:\windows\Internet Logs\xDB95.tmp
c:\windows\Internet Logs\xDB96.tmp
c:\windows\Internet Logs\xDB97.tmp
c:\windows\Internet Logs\xDB98.tmp
c:\windows\Internet Logs\xDB99.tmp
c:\windows\Internet Logs\xDB9A.tmp
c:\windows\Internet Logs\xDB9B.tmp
c:\windows\Internet Logs\xDB9C.tmp
c:\windows\Internet Logs\xDB9D.tmp
c:\windows\Internet Logs\xDB9E.tmp
c:\windows\Internet Logs\xDB9F.tmp
c:\windows\Internet Logs\xDBA0.tmp
c:\windows\Internet Logs\xDBA1.tmp
c:\windows\Internet Logs\xDBA2.tmp
c:\windows\Internet Logs\xDBA3.tmp
c:\windows\Internet Logs\xDBA4.tmp
c:\windows\Internet Logs\xDBA5.tmp
c:\windows\Internet Logs\xDBA6.tmp
c:\windows\Internet Logs\xDBA7.tmp
c:\windows\Internet Logs\xDBA8.tmp
c:\windows\Internet Logs\xDBA9.tmp
c:\windows\Internet Logs\xDBAA.tmp
c:\windows\Internet Logs\xDBAB.tmp
c:\windows\Internet Logs\xDBAC.tmp
c:\windows\Internet Logs\xDBAD.tmp
c:\windows\Internet Logs\xDBAE.tmp
c:\windows\system32\drivers\p17filt.sys
c:\windows\system32\Mscc2fr.dll
c:\windows\system32\TABCTFR.DLL
c:\windows\system32\winrkq32.dll
c:\windows\system32\drivers\fidbox.dat . . . . could not be deleted
c:\windows\system32\drivers\fidbox.idx . . . . could not be deleted
G:\Autorun.exe . . . . could not be deleted
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_p17filt
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-11 12:21 . 2009-05-11 12:24 263456 ----a-w c:\windows\system32\drivers\fidbox.dat
2009-05-10 09:34 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-10 09:34 . 2009-05-10 09:34 -------- d-----w c:\program files\Panda Security
2009-05-09 08:09 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 08:08 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 08:08 . 2009-05-09 08:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-11 17:03 . 1998-07-12 23:00 20992 ----a-w c:\windows\system32\CMCT2FR.DLL
2009-04-11 17:03 . 2009-04-28 18:10 -------- d-----w c:\program files\Ipod Video Converter
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 12:21 . 2009-05-11 12:21 32 ------w c:\windows\system32\drivers\fidbox.idx
2009-05-11 11:30 . 2001-10-25 14:00 73236 ----a-w c:\windows\system32\perfc005.dat
2009-05-11 11:30 . 2001-10-25 14:00 398472 ----a-w c:\windows\system32\perfh005.dat
2009-05-10 19:09 . 2009-05-11 11:23 3108864 ----a-w c:\windows\Internet Logs\xDBAF.tmp
2009-05-09 08:03 . 2007-04-05 19:29 4212 ---h--w c:\windows\system32\zllictbl.dat
2009-05-04 08:30 . 2009-05-04 08:30 81019 ----a-w c:\windows\Internet Logs\zlclient_2nd_2009_05_04_10_23_21_small.dmp.zip
2009-05-03 13:11 . 2007-04-05 19:24 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-10 12:30 . 2009-04-10 12:30 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-07 18:18 . 2008-02-10 10:36 -------- d-----w c:\program files\Google
2009-04-06 17:42 . 2009-04-06 17:42 -------- d-----w c:\program files\AskSearch
2009-04-06 17:42 . 2009-04-06 17:28 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-04-06 17:41 . 2009-04-06 17:41 -------- d-----w c:\program files\DVDVideoSoft
2009-04-06 17:21 . 2009-04-06 17:15 -------- d-----w c:\program files\Free CENZURA Converter
2009-03-28 17:54 . 2008-09-02 11:06 -------- d-----w c:\program files\VisualSubSync
2009-03-23 11:23 . 2009-01-05 15:16 -------- d-----w c:\program files\Clarus
2009-03-23 11:23 . 2007-04-05 19:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-16 06:18 . 2006-06-13 10:45 28761338 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-16 06:18 . 2008-04-20 15:23 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-14 18:48 . 2008-07-12 18:07 -------- d-----w c:\program files\ICQ6
.
((((((((((((((((((((((((((((( SnapShot@2009-05-10_09.16.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 14:00 . 2009-05-10 08:49 62344 c:\windows\system32\perfc009.dat
+ 2001-10-25 14:00 . 2009-05-11 11:30 62344 c:\windows\system32\perfc009.dat
+ 2008-07-12 17:42 . 2009-05-11 12:23 198692 c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2001-10-25 14:00 . 2009-05-11 11:30 401064 c:\windows\system32\perfh009.dat
- 2001-10-25 14:00 . 2009-05-10 08:49 401064 c:\windows\system32\perfh009.dat
+ 2009-04-17 06:59 . 2009-04-17 06:59 128256 c:\windows\Downloaded Program Files\as2stubie.dll
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Google Update"="c:\documents and settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-08 133104]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Tomas\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2009-3-23 888832]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2009-3-23 81920]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2009-3-23 94208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Midway Games\\Rise and Fall\\RiseAndFall.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\empire total war\\Empire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17161:TCP"= 17161:TCP:BitComet 17161 TCP
"17161:UDP"= 17161:UDP:BitComet 17161 UDP
"17613:TCP"= 17613:TCP:BitComet 17613 TCP
"17613:UDP"= 17613:UDP:BitComet 17613 UDP
R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [5.4.2007 21:07 210304]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10.5.2009 11:34 28544]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 17:11 35328]
R1 mdf15;mdf15;c:\program files\Clarus\Samsung SecretZone\mdf15.sys [5.1.2009 17:16 11520]
R1 mvd17;mvd17;c:\program files\Clarus\Samsung SecretZone\mvd17.sys [5.1.2009 17:16 60288]
R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [5.1.2009 17:16 102400]
R3 PAC7302;Messenger 310;c:\windows\system32\drivers\PAC7302.SYS [14.6.2007 18:34 457856]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [3.8.2004 23:04 69120]
S2 gupdate1c99416ab1db714;Google Update Service (gupdate1c99416ab1db714);c:\program files\Google\Update\GoogleUpdate.exe [21.2.2009 13:22 133104]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [5.4.2007 21:08 28672]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F4BE0CF3-C203-960F-6F4A-6CA2ED515149}]
c:\program files\MSXML43\setup.exe s
.
Contents of the 'Scheduled Tasks' folder
2009-04-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 14:53]
2009-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-05-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 16:08]
2009-05-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 11:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrum.cz/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://update.zonelabs.com/checkupdatew ... l&OEM=1043
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 14:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------
- - - - - - - > 'explorer.exe'(1232)
c:\windows\system32\msi.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-11 14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 12:27
ComboFix2.txt 2009-05-10 09:17
Pre-Run: 1 380 483 072
Post-Run: 1 425 879 040
252 --- E O F --- 2008-12-05 15:03
jaro3, Security team member
Re: Log check, need help please
You got yourself Panda. Regarding the sound: look at the sound card in Device Manager to see whether there is a question mark or an exclamation mark next to it; if so, reinstall the driver.
Download the program OTMoveIt3 (by OldTimer), save it to drive C and run it.
- Into the left column (Paste Instructions for Items to be Moved) copy these paths:
Note: Do not use the SELECT ALL function to mark them
Code:
:Processes
explorer.exe
:Services
:Reg
:Files
c:\windows\Internet Logs\xDB*.tmp
c:\windows\system32\drivers\fidbox.dat
c:\windows\system32\drivers\fidbox.idx
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- After copying, click the MoveIt! button and then paste here the entire contents of the right column, which is also saved in the folder C:\_OTMoveIt\MovedFiles\ and reports the results
- If some files cannot be removed you may be asked to restart the computer; in that case confirm the restart.
Then a new HJT log as well.
EDIT: You also forgot this:
Test this on VirusTotal
c:\program files\MSXML43\setup.exe
Then paste the link to the result here. Link above.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
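An added example, not part of the thread and not code from any of the tools mentioned in it: a small Python script that parses HijackThis-style entries like the ones in the logs above and flags the classes a log helper looks at first (start/search URLs pointing off a known-good list, entries whose target file is gone, Run commands without a full path such as the leftover P17Helper line, ActiveX downloads, services with no publisher string). The sample log inside it is constructed for the example and modelled on the log format above, and the allow-list of known-good hosts is an assumption to adjust for your own environment.

```python
"""Triage HijackThis-style log lines (example code, not from the thread)."""
import re
from urllib.parse import urlparse

# Assumed allow-list of hosts that legitimately show up in IE start/search
# settings on this kind of box; adjust for your own environment.
KNOWN_SEARCH_HOSTS = {"go.microsoft.com", "search.live.com", "www.centrum.cz"}

# Constructed sample modelled on the HJT log format above (not the poster's full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# An HJT entry is "<kind> - <body>", where kind is R0/R1/R3, F0..., O2, O4, O23 ...
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_line(line):
    """Split an HJT entry into (kind, body); return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("kind"), m.group("body")


def url_host(value):
    """Hostname of a URL value, or '' if it does not parse."""
    try:
        return urlparse(value.strip()).hostname or ""
    except ValueError:
        return ""


def triage_line(kind, body):
    """Return the reasons this entry deserves a second look (empty list if none)."""
    reasons = []
    low = body.lower()
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned entry: target file is gone")
    if kind in ("R0", "R1") and " = " in body:
        _key, _, value = body.partition(" = ")
        host = url_host(value)
        if host and host not in KNOWN_SEARCH_HOSTS:
            reasons.append(f"start/search URL points at {host}, not on the known-good list")
    if kind == "O4":
        # Body looks like 'HKLM\..\Run: [Name] command'. A command that names a
        # DLL/EXE without a full path is resolved through the search order at logon.
        cmd = body.split("] ", 1)[1] if "] " in body else body
        if ":\\" not in cmd and "%" not in cmd:
            reasons.append("autostart command has no full path (resolved via search order)")
    if kind == "O16":
        reasons.append("ActiveX download (DPF): confirm it was installed on purpose")
    if kind == "O23" and "unknown owner" in low:
        reasons.append("service with no publisher string: verify the binary's signature/hash")
    return reasons


def triage(log_text):
    """Run triage_line over every entry in the log and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, body = parsed
        for reason in triage_line(kind, body):
            findings.append({"kind": kind, "reason": reason, "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```

The rules are deliberately coarse: a hit does not mean an entry is malicious, only that it is worth checking by hand (or on VirusTotal, as the reply above asks for setup.exe). Post the raw log alongside any such output rather than acting on the flags blindly.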
Re: Log check, need help please
HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:49, on 17.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/checkupdatew ... l&OEM=1043
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c99416ab1db714) (gupdate1c99416ab1db714) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8200 bytes
MovedFiles log
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB1A.tmp moved successfully.
c:\windows\Internet Logs\xDB1B.tmp moved successfully.
c:\windows\Internet Logs\xDB1C.tmp moved successfully.
c:\windows\Internet Logs\xDB1D.tmp moved successfully.
c:\windows\Internet Logs\xDB1E.tmp moved successfully.
c:\windows\Internet Logs\xDB1F.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB20.tmp moved successfully.
c:\windows\Internet Logs\xDB21.tmp moved successfully.
c:\windows\Internet Logs\xDB22.tmp moved successfully.
c:\windows\Internet Logs\xDB23.tmp moved successfully.
c:\windows\Internet Logs\xDB24.tmp moved successfully.
c:\windows\Internet Logs\xDB25.tmp moved successfully.
c:\windows\Internet Logs\xDB26.tmp moved successfully.
c:\windows\Internet Logs\xDB27.tmp moved successfully.
c:\windows\Internet Logs\xDB28.tmp moved successfully.
c:\windows\Internet Logs\xDB29.tmp moved successfully.
c:\windows\Internet Logs\xDB2A.tmp moved successfully.
c:\windows\Internet Logs\xDB2B.tmp moved successfully.
c:\windows\Internet Logs\xDB2C.tmp moved successfully.
c:\windows\Internet Logs\xDB2D.tmp moved successfully.
c:\windows\Internet Logs\xDB2E.tmp moved successfully.
c:\windows\Internet Logs\xDB2F.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB30.tmp moved successfully.
c:\windows\Internet Logs\xDB31.tmp moved successfully.
c:\windows\Internet Logs\xDB32.tmp moved successfully.
c:\windows\Internet Logs\xDB33.tmp moved successfully.
c:\windows\Internet Logs\xDB34.tmp moved successfully.
c:\windows\Internet Logs\xDB35.tmp moved successfully.
c:\windows\Internet Logs\xDB36.tmp moved successfully.
c:\windows\Internet Logs\xDB37.tmp moved successfully.
c:\windows\Internet Logs\xDB38.tmp moved successfully.
c:\windows\Internet Logs\xDB39.tmp moved successfully.
c:\windows\Internet Logs\xDB3A.tmp moved successfully.
c:\windows\Internet Logs\xDB3B.tmp moved successfully.
c:\windows\Internet Logs\xDB3C.tmp moved successfully.
c:\windows\Internet Logs\xDB3D.tmp moved successfully.
c:\windows\Internet Logs\xDB3E.tmp moved successfully.
c:\windows\Internet Logs\xDB3F.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB40.tmp moved successfully.
c:\windows\Internet Logs\xDB41.tmp moved successfully.
c:\windows\Internet Logs\xDB42.tmp moved successfully.
c:\windows\Internet Logs\xDB43.tmp moved successfully.
c:\windows\Internet Logs\xDB44.tmp moved successfully.
c:\windows\Internet Logs\xDB45.tmp moved successfully.
c:\windows\Internet Logs\xDB46.tmp moved successfully.
c:\windows\Internet Logs\xDB47.tmp moved successfully.
c:\windows\Internet Logs\xDB48.tmp moved successfully.
c:\windows\Internet Logs\xDB49.tmp moved successfully.
c:\windows\Internet Logs\xDB4A.tmp moved successfully.
c:\windows\Internet Logs\xDB4B.tmp moved successfully.
c:\windows\Internet Logs\xDB4C.tmp moved successfully.
c:\windows\Internet Logs\xDB4D.tmp moved successfully.
c:\windows\Internet Logs\xDB4E.tmp moved successfully.
c:\windows\Internet Logs\xDB4F.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB50.tmp moved successfully.
c:\windows\Internet Logs\xDB51.tmp moved successfully.
c:\windows\Internet Logs\xDB52.tmp moved successfully.
c:\windows\Internet Logs\xDB53.tmp moved successfully.
c:\windows\Internet Logs\xDB54.tmp moved successfully.
c:\windows\Internet Logs\xDB55.tmp moved successfully.
c:\windows\Internet Logs\xDB56.tmp moved successfully.
c:\windows\Internet Logs\xDB57.tmp moved successfully.
c:\windows\Internet Logs\xDB58.tmp moved successfully.
c:\windows\Internet Logs\xDB59.tmp moved successfully.
c:\windows\Internet Logs\xDB5A.tmp moved successfully.
c:\windows\Internet Logs\xDB5B.tmp moved successfully.
c:\windows\Internet Logs\xDB5C.tmp moved successfully.
c:\windows\Internet Logs\xDB5D.tmp moved successfully.
c:\windows\Internet Logs\xDB5E.tmp moved successfully.
c:\windows\Internet Logs\xDB5F.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB60.tmp moved successfully.
c:\windows\Internet Logs\xDB61.tmp moved successfully.
c:\windows\Internet Logs\xDB62.tmp moved successfully.
c:\windows\Internet Logs\xDB63.tmp moved successfully.
c:\windows\Internet Logs\xDB64.tmp moved successfully.
c:\windows\Internet Logs\xDB65.tmp moved successfully.
c:\windows\Internet Logs\xDB66.tmp moved successfully.
c:\windows\Internet Logs\xDB67.tmp moved successfully.
c:\windows\Internet Logs\xDB68.tmp moved successfully.
c:\windows\Internet Logs\xDB69.tmp moved successfully.
c:\windows\Internet Logs\xDB6A.tmp moved successfully.
c:\windows\Internet Logs\xDB6B.tmp moved successfully.
c:\windows\Internet Logs\xDB6C.tmp moved successfully.
c:\windows\Internet Logs\xDB6D.tmp moved successfully.
c:\windows\Internet Logs\xDB6E.tmp moved successfully.
c:\windows\Internet Logs\xDB6F.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB70.tmp moved successfully.
c:\windows\Internet Logs\xDB71.tmp moved successfully.
c:\windows\Internet Logs\xDB72.tmp moved successfully.
c:\windows\Internet Logs\xDB73.tmp moved successfully.
c:\windows\Internet Logs\xDB74.tmp moved successfully.
c:\windows\Internet Logs\xDB75.tmp moved successfully.
c:\windows\Internet Logs\xDB76.tmp moved successfully.
c:\windows\Internet Logs\xDB77.tmp moved successfully.
c:\windows\Internet Logs\xDB78.tmp moved successfully.
c:\windows\Internet Logs\xDB79.tmp moved successfully.
c:\windows\Internet Logs\xDB7A.tmp moved successfully.
c:\windows\Internet Logs\xDB7B.tmp moved successfully.
c:\windows\Internet Logs\xDB7C.tmp moved successfully.
c:\windows\Internet Logs\xDB7D.tmp moved successfully.
c:\windows\Internet Logs\xDB7E.tmp moved successfully.
c:\windows\Internet Logs\xDB7F.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB80.tmp moved successfully.
c:\windows\Internet Logs\xDB81.tmp moved successfully.
c:\windows\Internet Logs\xDB82.tmp moved successfully.
c:\windows\Internet Logs\xDB83.tmp moved successfully.
c:\windows\Internet Logs\xDB84.tmp moved successfully.
c:\windows\Internet Logs\xDB85.tmp moved successfully.
c:\windows\Internet Logs\xDB86.tmp moved successfully.
c:\windows\Internet Logs\xDB87.tmp moved successfully.
c:\windows\Internet Logs\xDB88.tmp moved successfully.
c:\windows\Internet Logs\xDB89.tmp moved successfully.
c:\windows\Internet Logs\xDB8A.tmp moved successfully.
c:\windows\Internet Logs\xDB8B.tmp moved successfully.
c:\windows\Internet Logs\xDB8C.tmp moved successfully.
c:\windows\Internet Logs\xDB8D.tmp moved successfully.
c:\windows\Internet Logs\xDB8E.tmp moved successfully.
c:\windows\Internet Logs\xDB8F.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBAF.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.
File move failed. c:\windows\system32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\fidbox.idx scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tomas\LOCALS~1\Temp\~DF2BD4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\GTUNWPER\CAM34127.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\3EF3S1KG\CAQV0VTY.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_123601
ALE U SKENU TOHO SOUBORU MI TO PÍŠE, ŽE NELZE NALÉZT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:49, on 17.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonelabs.com/checkupdatew ... l&OEM=1043
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c99416ab1db714) (gupdate1c99416ab1db714) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 8200 bytes
log from MOVEDfiles
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\Internet Logs\xDB1.tmp moved successfully.
c:\windows\Internet Logs\xDB10.tmp moved successfully.
c:\windows\Internet Logs\xDB11.tmp moved successfully.
c:\windows\Internet Logs\xDB12.tmp moved successfully.
c:\windows\Internet Logs\xDB13.tmp moved successfully.
c:\windows\Internet Logs\xDB14.tmp moved successfully.
c:\windows\Internet Logs\xDB15.tmp moved successfully.
c:\windows\Internet Logs\xDB16.tmp moved successfully.
c:\windows\Internet Logs\xDB17.tmp moved successfully.
c:\windows\Internet Logs\xDB18.tmp moved successfully.
c:\windows\Internet Logs\xDB19.tmp moved successfully.
c:\windows\Internet Logs\xDB1A.tmp moved successfully.
c:\windows\Internet Logs\xDB1B.tmp moved successfully.
c:\windows\Internet Logs\xDB1C.tmp moved successfully.
c:\windows\Internet Logs\xDB1D.tmp moved successfully.
c:\windows\Internet Logs\xDB1E.tmp moved successfully.
c:\windows\Internet Logs\xDB1F.tmp moved successfully.
c:\windows\Internet Logs\xDB2.tmp moved successfully.
c:\windows\Internet Logs\xDB20.tmp moved successfully.
c:\windows\Internet Logs\xDB21.tmp moved successfully.
c:\windows\Internet Logs\xDB22.tmp moved successfully.
c:\windows\Internet Logs\xDB23.tmp moved successfully.
c:\windows\Internet Logs\xDB24.tmp moved successfully.
c:\windows\Internet Logs\xDB25.tmp moved successfully.
c:\windows\Internet Logs\xDB26.tmp moved successfully.
c:\windows\Internet Logs\xDB27.tmp moved successfully.
c:\windows\Internet Logs\xDB28.tmp moved successfully.
c:\windows\Internet Logs\xDB29.tmp moved successfully.
c:\windows\Internet Logs\xDB2A.tmp moved successfully.
c:\windows\Internet Logs\xDB2B.tmp moved successfully.
c:\windows\Internet Logs\xDB2C.tmp moved successfully.
c:\windows\Internet Logs\xDB2D.tmp moved successfully.
c:\windows\Internet Logs\xDB2E.tmp moved successfully.
c:\windows\Internet Logs\xDB2F.tmp moved successfully.
c:\windows\Internet Logs\xDB3.tmp moved successfully.
c:\windows\Internet Logs\xDB30.tmp moved successfully.
c:\windows\Internet Logs\xDB31.tmp moved successfully.
c:\windows\Internet Logs\xDB32.tmp moved successfully.
c:\windows\Internet Logs\xDB33.tmp moved successfully.
c:\windows\Internet Logs\xDB34.tmp moved successfully.
c:\windows\Internet Logs\xDB35.tmp moved successfully.
c:\windows\Internet Logs\xDB36.tmp moved successfully.
c:\windows\Internet Logs\xDB37.tmp moved successfully.
c:\windows\Internet Logs\xDB38.tmp moved successfully.
c:\windows\Internet Logs\xDB39.tmp moved successfully.
c:\windows\Internet Logs\xDB3A.tmp moved successfully.
c:\windows\Internet Logs\xDB3B.tmp moved successfully.
c:\windows\Internet Logs\xDB3C.tmp moved successfully.
c:\windows\Internet Logs\xDB3D.tmp moved successfully.
c:\windows\Internet Logs\xDB3E.tmp moved successfully.
c:\windows\Internet Logs\xDB3F.tmp moved successfully.
c:\windows\Internet Logs\xDB4.tmp moved successfully.
c:\windows\Internet Logs\xDB40.tmp moved successfully.
c:\windows\Internet Logs\xDB41.tmp moved successfully.
c:\windows\Internet Logs\xDB42.tmp moved successfully.
c:\windows\Internet Logs\xDB43.tmp moved successfully.
c:\windows\Internet Logs\xDB44.tmp moved successfully.
c:\windows\Internet Logs\xDB45.tmp moved successfully.
c:\windows\Internet Logs\xDB46.tmp moved successfully.
c:\windows\Internet Logs\xDB47.tmp moved successfully.
c:\windows\Internet Logs\xDB48.tmp moved successfully.
c:\windows\Internet Logs\xDB49.tmp moved successfully.
c:\windows\Internet Logs\xDB4A.tmp moved successfully.
c:\windows\Internet Logs\xDB4B.tmp moved successfully.
c:\windows\Internet Logs\xDB4C.tmp moved successfully.
c:\windows\Internet Logs\xDB4D.tmp moved successfully.
c:\windows\Internet Logs\xDB4E.tmp moved successfully.
c:\windows\Internet Logs\xDB4F.tmp moved successfully.
c:\windows\Internet Logs\xDB5.tmp moved successfully.
c:\windows\Internet Logs\xDB50.tmp moved successfully.
c:\windows\Internet Logs\xDB51.tmp moved successfully.
c:\windows\Internet Logs\xDB52.tmp moved successfully.
c:\windows\Internet Logs\xDB53.tmp moved successfully.
c:\windows\Internet Logs\xDB54.tmp moved successfully.
c:\windows\Internet Logs\xDB55.tmp moved successfully.
c:\windows\Internet Logs\xDB56.tmp moved successfully.
c:\windows\Internet Logs\xDB57.tmp moved successfully.
c:\windows\Internet Logs\xDB58.tmp moved successfully.
c:\windows\Internet Logs\xDB59.tmp moved successfully.
c:\windows\Internet Logs\xDB5A.tmp moved successfully.
c:\windows\Internet Logs\xDB5B.tmp moved successfully.
c:\windows\Internet Logs\xDB5C.tmp moved successfully.
c:\windows\Internet Logs\xDB5D.tmp moved successfully.
c:\windows\Internet Logs\xDB5E.tmp moved successfully.
c:\windows\Internet Logs\xDB5F.tmp moved successfully.
c:\windows\Internet Logs\xDB6.tmp moved successfully.
c:\windows\Internet Logs\xDB60.tmp moved successfully.
c:\windows\Internet Logs\xDB61.tmp moved successfully.
c:\windows\Internet Logs\xDB62.tmp moved successfully.
c:\windows\Internet Logs\xDB63.tmp moved successfully.
c:\windows\Internet Logs\xDB64.tmp moved successfully.
c:\windows\Internet Logs\xDB65.tmp moved successfully.
c:\windows\Internet Logs\xDB66.tmp moved successfully.
c:\windows\Internet Logs\xDB67.tmp moved successfully.
c:\windows\Internet Logs\xDB68.tmp moved successfully.
c:\windows\Internet Logs\xDB69.tmp moved successfully.
c:\windows\Internet Logs\xDB6A.tmp moved successfully.
c:\windows\Internet Logs\xDB6B.tmp moved successfully.
c:\windows\Internet Logs\xDB6C.tmp moved successfully.
c:\windows\Internet Logs\xDB6D.tmp moved successfully.
c:\windows\Internet Logs\xDB6E.tmp moved successfully.
c:\windows\Internet Logs\xDB6F.tmp moved successfully.
c:\windows\Internet Logs\xDB7.tmp moved successfully.
c:\windows\Internet Logs\xDB70.tmp moved successfully.
c:\windows\Internet Logs\xDB71.tmp moved successfully.
c:\windows\Internet Logs\xDB72.tmp moved successfully.
c:\windows\Internet Logs\xDB73.tmp moved successfully.
c:\windows\Internet Logs\xDB74.tmp moved successfully.
c:\windows\Internet Logs\xDB75.tmp moved successfully.
c:\windows\Internet Logs\xDB76.tmp moved successfully.
c:\windows\Internet Logs\xDB77.tmp moved successfully.
c:\windows\Internet Logs\xDB78.tmp moved successfully.
c:\windows\Internet Logs\xDB79.tmp moved successfully.
c:\windows\Internet Logs\xDB7A.tmp moved successfully.
c:\windows\Internet Logs\xDB7B.tmp moved successfully.
c:\windows\Internet Logs\xDB7C.tmp moved successfully.
c:\windows\Internet Logs\xDB7D.tmp moved successfully.
c:\windows\Internet Logs\xDB7E.tmp moved successfully.
c:\windows\Internet Logs\xDB7F.tmp moved successfully.
c:\windows\Internet Logs\xDB8.tmp moved successfully.
c:\windows\Internet Logs\xDB80.tmp moved successfully.
c:\windows\Internet Logs\xDB81.tmp moved successfully.
c:\windows\Internet Logs\xDB82.tmp moved successfully.
c:\windows\Internet Logs\xDB83.tmp moved successfully.
c:\windows\Internet Logs\xDB84.tmp moved successfully.
c:\windows\Internet Logs\xDB85.tmp moved successfully.
c:\windows\Internet Logs\xDB86.tmp moved successfully.
c:\windows\Internet Logs\xDB87.tmp moved successfully.
c:\windows\Internet Logs\xDB88.tmp moved successfully.
c:\windows\Internet Logs\xDB89.tmp moved successfully.
c:\windows\Internet Logs\xDB8A.tmp moved successfully.
c:\windows\Internet Logs\xDB8B.tmp moved successfully.
c:\windows\Internet Logs\xDB8C.tmp moved successfully.
c:\windows\Internet Logs\xDB8D.tmp moved successfully.
c:\windows\Internet Logs\xDB8E.tmp moved successfully.
c:\windows\Internet Logs\xDB8F.tmp moved successfully.
c:\windows\Internet Logs\xDB9.tmp moved successfully.
c:\windows\Internet Logs\xDBA.tmp moved successfully.
c:\windows\Internet Logs\xDBAF.tmp moved successfully.
c:\windows\Internet Logs\xDBB.tmp moved successfully.
c:\windows\Internet Logs\xDBC.tmp moved successfully.
c:\windows\Internet Logs\xDBD.tmp moved successfully.
c:\windows\Internet Logs\xDBE.tmp moved successfully.
c:\windows\Internet Logs\xDBF.tmp moved successfully.
File move failed. c:\windows\system32\drivers\fidbox.dat scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\fidbox.idx scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tomas\LOCALS~1\Temp\~DF2BD4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\GTUNWPER\CAM34127.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\3EF3S1KG\CAQV0VTY.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tomas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05172009_123601
But when I scan that file, it tells me it cannot be found.
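Before asking what a single entry means, a reviewer usually runs a first triage over the whole HJT log: orphaned autostarts ("(file missing)", "(no file)"), services with no vendor attribution ("Unknown owner"), browser start/search pages pointing somewhere other than the IE defaults, downloaded ActiveX controls (O16), and autostarts launched from user-writable profile directories. The script below is an added example of that pass; it is not part of the original post and not HijackThis code. The sample lines are constructed to mirror entries in the posted log, and the set of default IE hosts and the list of user-writable directory fragments are my assumptions. Findings are review prompts, not verdicts: the per-user Google Update entry is legitimate and is still flagged so that someone looks at it.

```python
"""Triage a HijackThis (HJT) log: parse each numbered entry and flag the
patterns a log reviewer looks at first. Findings are review prompts, not
verdicts (a per-user Google Update is legitimate and still gets flagged)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on entries in the posted log (not the full file).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tomas\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan
O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# A Windows path ending in an executable-type extension; the lazy quantifier
# makes a quoted path followed by arguments (... .exe" /c) stop at the extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|sys|scr|cpl|ocx)', re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Assumption: hosts IE 6 ships with for its start/search pages. Anything else
# in an R0/R1 entry means some program changed the browser defaults.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com", "www.msn.com"}

# Assumption: directory fragments writable by the logged-on user on XP; a
# program auto-starting from one of these deserves a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\local settings\\",
                 "\\application data\\", "\\temp\\", "\\appdata\\")


@dataclass(frozen=True)
class Finding:
    severity: str   # "cleanup", "review" or "info"
    kind: str       # HJT section, e.g. "O23"
    reason: str
    line: str


def extract_path(body: str) -> str | None:
    """Return the first executable-looking Windows path in an entry body."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def check_entry(kind: str, body: str, line: str) -> list[Finding]:
    """Apply the reviewer's checks to one HJT entry."""
    findings: list[Finding] = []
    lower = body.lower()
    if "(file missing)" in lower or "(no file)" in lower:
        findings.append(Finding("cleanup", kind,
                                "autostart points at a file that no longer exists", line))
    if kind == "O23" and "unknown owner" in lower:
        findings.append(Finding("review", kind,
                                "service has no vendor attribution; verify the binary's signature and hash", line))
    if kind.startswith("R"):
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname or ""
            if host not in DEFAULT_IE_HOSTS:
                findings.append(Finding("review", kind,
                                        f"start/search page points at non-default host {host}", line))
    if kind == "O16":
        findings.append(Finding("info", kind,
                                "downloaded ActiveX control (DPF); confirm it was installed on purpose", line))
    path = extract_path(body)
    if path and any(frag in path.lower() for frag in USER_WRITABLE):
        findings.append(Finding("review", kind,
                                "autostart binary lives in a user-writable profile directory", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Parse every 'Xn - ...' entry in an HJT log and collect findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            findings.extend(check_entry(m["kind"], m["body"], raw.strip()))
    return findings


def summarize(findings: list[Finding]) -> Counter:
    """Count findings per severity, e.g. Counter({'review': 3, 'cleanup': 2, 'info': 1})."""
    return Counter(f.severity for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>7}] {f.kind}: {f.reason}\n          {f.line}")
```

Run it against a full HJT log by reading the file into `triage()`; lines that are not `Xn - ...` entries (the process list, the header) are skipped. The "cleanup" class is the safe one to fix in HJT directly; the "review" class is where you look up the binary's publisher, signature and hash before deciding anything.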
jaro3 (Security team member, Guru Level 15)
Re: Log check, need help pls
Try pasting this into that box:
c:\program files\MSXML43\setup.exe
and then have the file tested.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support