I have nothing in my PMs (private messages).
If you have that link, send it there: click on my nick and then on "PM: send private message". Thanks.
Don't forget to fill in the subject box; write something like "Submit" there.
Please check my log (Solved)
- jaro3
- member of the Security team
Re: Please check my log
When working with HJT, ComboFix, MBAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log
Hi, so I sent it to you there again, hopefully it's fine.
Re: Please check my log
New HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:27, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
D:\Program files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SDM4500P] D:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
--
End of file - 6057 bytes
Re: Please check my log
And also the CF log
ComboFix 09-02-04.01 - Musilovi 2009-02-04 20:30:32.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1622 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Musilovi\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.
2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 19:19 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 22:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 201,352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 18:02 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2008-04-14 03:22 1,220,608 --sh--r c:\windows\system32\vbohost.exe
.
------- Sigcheck -------
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDM4500P"="d:\program files\SWT2000\HCM.exe" [2003-03-12 974921]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:31:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="[long value omitted]"
.
Celkový čas: 2009-02-04 20:32:06
ComboFix-quarantined-files.txt 2009-02-04 19:32:05
Před spuštěním: 6 777 950 208
Po spuštění: 6,765,441,024
168 --- E O F --- 2008-12-10 14:16:37
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 20:31:16
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
Celkový čas: 2009-02-04 20:32:06
ComboFix-quarantined-files.txt 2009-02-04 19:32:05
Před spuštěním: 6 777 950 208
Po spuštění: 6,765,441,024
168 --- E O F --- 2008-12-10 14:16:37
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log
Thanks for sending it, a nasty little pest:
http://www.virustotal.com/cs/analisis/3 ... 216cde0854
So one more script in CF:
Code:
KillAll::
File::
c:\windows\system32\vbohost.exe
Same procedure as before: disable the protections and post the CF and HJT logs here.
Re: Please check my log
yep, on it
Re: Please check my log
ComboFix 09-02-04.01 - Musilovi 2009-02-04 21:24:57.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.2047.1605 [GMT 1:00]
Spuštěný z: c:\documents and settings\Musilovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Musilovi\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Vytvořen nový Bod Obnovení
* Resident AV is active
FILE ::
c:\windows\system32\vbohost.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\vbohost.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))
.
2009-02-03 20:34 . 2009-02-03 20:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-03 18:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-03 18:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-01 19:58 . 2009-02-01 19:58 <DIR> d-------- c:\windows\Puzzle Quest
2009-01-26 13:59 . 2009-01-26 15:37 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\Playrix Entertainment
2009-01-26 13:35 . 2009-01-26 15:22 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Playrix Entertainment
2009-01-26 12:42 . 2006-07-07 13:42 57,344 --a------ c:\windows\system32\Big Kahuna Reef.scr
2009-01-24 10:38 . 2009-01-24 10:38 <DIR> d-------- c:\documents and settings\Musilovi\Data aplikací\VitySoft
2009-01-11 14:05 . 2009-01-11 14:05 <DIR> d-------- c:\windows\Sun
2009-01-11 13:30 . 2009-01-11 13:30 <DIR> d-------- c:\program files\Java
2009-01-11 13:30 . 2009-02-03 20:34 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 15:58 . 2009-01-07 16:23 <DIR> d-------- c:\windows\NV40723456.TMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 19:19 --------- d-----w c:\program files\Mozilla Thunderbird
2009-02-03 22:15 --------- d-----w c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-02-03 16:53 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Skype
2009-02-03 14:21 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-03 04:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-01 18:58 --------- d-----w c:\program files\OpenAL
2009-01-29 19:10 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-26 09:26 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\BSplayer PRO
2009-01-17 07:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 15:09 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\uTorrent
2009-01-13 16:42 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Azureus
2009-01-07 15:23 --------- d-----w c:\program files\AGEIA Technologies
2009-01-07 15:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-05 17:00 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\FileZilla
2008-12-22 14:47 --------- d-----w c:\documents and settings\All Users\Data aplikací\MumboJumbo
2008-12-18 19:33 --------- d-----w c:\documents and settings\All Users\Data aplikací\Razer
2008-12-18 19:32 --------- d-----w c:\program files\Razer
2008-12-18 19:32 --------- d-----w c:\program files\DIFX
2008-12-13 12:58 --------- d-----w c:\documents and settings\All Users\Data aplikací\7Wonders2
2008-12-13 12:48 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\GameHouse
2008-12-10 15:14 --------- d-----w c:\documents and settings\All Users\Data aplikací\Microsoft Help
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 15:10 --------- d-----w c:\program files\Microsoft Works
2008-12-07 15:08 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Leadertech
2008-12-07 08:55 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\InstallShield
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\Ubisoft
2008-12-07 08:55 --------- d-----w c:\documents and settings\All Users\Data aplikací\InstallShield
2008-12-06 10:25 --------- d-----w c:\documents and settings\Musilovi\Data aplikací\Bella Sara
2008-11-24 18:07 16,608 ----a-w c:\windows\gdrv.sys
2008-10-24 05:56 22,328 ----a-w c:\documents and settings\Musilovi\Data aplikací\PnkBstrK.sys
2008-03-25 21:32 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.
------- Sigcheck -------
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-02-04_20.31.33,37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-04 20:26:23 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDM4500P"="d:\program files\SWT2000\HCM.exe" [2003-03-12 974921]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.VSPX"= vspxvfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program files\\BitLord\\BitLord.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program files\\Codemasters\\DiRT\\DiRT.exe"=
"d:\\Program files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program files\\CZDC++\\CZDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program files\\uTorrent\\utorrent.exe"=
"e:\\Program files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"e:\\Program files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 55160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-12-18 12032]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-25 3584]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/L ... nstall.cab
FF - ProfilePath - c:\documents and settings\Musilovi\Data aplikací\Mozilla\Firefox\Profiles\14v3eh79.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-04 21:26:42
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,db,4d,db,9b,18,8f,32,6b,f9,b3,3b,0d,fd,9c,ca,3a,d9,af,cc,b0,21,97,
81,b8,d2,f6,1a,cb,92,98,b3,5e,7e,2d,f6,39,be,b2,f2,e9,5c,a1,6b,ab,54,fc,b5,\
"??"=hex:6c,25,4a,62,36,54,5c,8c,d5,63,ab,68,21,1c,e9,b1
[HKEY_USERS\S-1-5-21-1454471165-1659004503-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:25,cb,d8,6d,a5,75,2d,e2,6d,f3,cd,b5,a4,38,43,98,24,51,b8,98,74,
62,ca,74,83,7a,5b,ae,fc,5c,a0,10,d8,c7,2a,e5,a1,7c,6a,4d,ca,47,6d,f5,d4,e7,\
"rkeysecu"=hex:b6,1c,5e,e9,42,7e,5f,aa,f0,d8,66,a0,35,db,26,3c
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2009-02-04 21:28:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-02-04 20:28:55
ComboFix2.txt 2009-02-04 19:32:07
Před spuštěním: 6 719 889 408
Po spuštění: 6,706,016,256
191 --- E O F --- 2008-12-10 14:16:37
Re: Please check my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:55, on 4.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
D:\Program files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SDM4500P] D:\Program Files\SWT2000\HCM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - CODEMASTERS - C:\WINDOWS\system32\pr2ah4nc.exe
--
End of file - 5760 bytes
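The log above is the kind a helper reads by eye, section by section. The script below is an added example for this thread, not code from the original post, from HijackThis or from the forum's Security team: it parses the R/O entry lines of an HJT v2 log and applies a few generic review heuristics (Trusted Zone entries, ActiveX downloads, services with no recorded publisher, browser extension DLLs sitting directly in the Windows directory). The sample log is a constructed subset of lines copied from the posted log, and the heuristics are assumptions about what deserves a second look, not verdicts on any entry.

```python
"""Triage helper for HijackThis (HJT) v2 logs.

Added example for this thread; it is not part of the posted log, not a tool
from the forum's Security team, and not part of HijackThis. It parses the
R/O-section lines of an HJT log and applies a few generic review heuristics
that a log checker otherwise applies by eye. The heuristics are assumptions
about what deserves a second look, not verdicts on any entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied from the HJT log posted above.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.seznam.cz/
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\\WINDOWS\\WebIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\\WINDOWS\\WebIE.dll
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\\WINDOWS\\WebIE.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O23 - Service: O&O Defrag - O&O Software GmbH - C:\\WINDOWS\\system32\\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL sitting directly in the Windows directory (directory name assumed to be WINDOWS, as on XP).
WINDIR_ROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


@dataclass
class Entry:
    section: str           # e.g. "O2", "O23"
    body: str              # everything after "Oxx - "
    clsid: Optional[str]   # first {GUID} on the line, if any
    target: Optional[str]  # file path or URL the entry points at


def _target(section: str, body: str) -> Optional[str]:
    """Pull out the path/URL an entry refers to, according to the section's layout."""
    if section.startswith("R"):                      # "...,Start Page = URL"
        return body.split("=", 1)[1].strip() if "=" in body else None
    if section == "O4":                              # "[name] "path" args (User '...')"
        rest = body.split("]", 1)[1].strip() if "]" in body else ""
        if rest.startswith('"'):
            end = rest.find('"', 1)
            return rest[1:end] if end > 0 else rest
        return re.sub(r"\s+\(User '[^']*'\)$", "", rest) or None
    if section == "O15":                             # "Trusted Zone: URL"
        return body.split(":", 1)[1].strip() if ":" in body else None
    fields = body.split(" - ")                       # O2/O3/O9/O16/O18/O23: last field
    return fields[-1].strip() if len(fields) > 1 else None


def parse_hjt(text: str) -> List[Entry]:
    """Parse the R/O entry lines of an HJT log; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group(1), m.group(2)
        clsid = CLSID_RE.search(body)
        entries.append(Entry(section, body, clsid.group(0) if clsid else None,
                             _target(section, body)))
    return entries


def triage(entries: List[Entry]) -> List[tuple]:
    """Return (section, target, reason) for entries a reviewer should look at twice.

    Generic heuristics (assumed here), not signatures: a hit means
    'confirm this is expected', not 'this is malware'.
    """
    findings = []
    for e in entries:
        if e.section == "O15":
            findings.append((e.section, e.target,
                             "site in the IE Trusted Zone runs with relaxed security settings"))
        elif e.section == "O16":
            findings.append((e.section, e.target, "ActiveX control was installed from the web"))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, e.target, "service has no publisher recorded"))
        elif e.section in ("O2", "O3", "O9") and e.target and WINDIR_ROOT_DLL_RE.match(e.target):
            findings.append((e.section, e.target,
                             "browser extension DLL lives in the Windows directory, not under Program Files"))
    return findings


def targets_by_path(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group sections by the file they load, so one DLL hooked in several places shows up once."""
    grouped: Dict[str, List[str]] = {}
    for e in entries:
        if e.target:
            grouped.setdefault(e.target.lower(), []).append(e.section)
    return grouped


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for section, target, reason in triage(parsed):
        print(f"{section:4} {target}\n     -> {reason}")
    for path, sections in targets_by_path(parsed).items():
        if len(sections) > 1:
            print(f"{path} is referenced by {len(sections)} entries: {', '.join(sections)}")
```

Run as-is it reports the Trusted Zone sites, the DPF download, the PnkBstrA service and the three entries that all load WebIE.dll out of C:\WINDOWS; every hit is a prompt to check the vendor and the install history, not a removal instruction.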
- jaro3
- Security team member
Re: Please check my log
Great..
Turn all your protections back on.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
If there are no problems, that's all and you can mark it solved, the tick.
Re: Please check my log
JARO, the Windows automatic update still doesn't work, but everything else is fine now
Re: Please check my log
I looked for it in Start > msconfig > Services to see if I might have it turned off there, and I found that the service is missing there, but it should be there, shouldn't it??
- jaro3
- Security team member
Re: Please check my log
Yep, try this:
Download Dial-a-fix
Fix Windows Update - Fixes problems with downloading and installing Windows Update updates.
click Fix Windows Update, then Go
If that doesn't help -
Click the hammer - more options:
Reinstall Automatic Updates service - Attempts to reinstall the service that handles automatic updates (the Windows installation media may be needed). click and then Go.
Write back whether it helped, otherwise we'll try something else.