PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Prosim o zkontrolování logu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=31764

Stránka 1 z 1

Prosim o zkontrolování logu

Napsal: 02 říj 2008 15:21
od dior
počítač se chová divně.. podezření na vir
díky za pomoc

Logfile of HijackThis v1.99.1
Scan saved at 15:11:15, on 2.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
D:\Programy\Avast\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Dior\LOCALS~1\Temp\Rar$EX00.265\HijackThis.exe
C:\DOCUME~1\Dior\LOCALS~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: 931928 helper - {5F6D7A37-A3D1-47F1-920D-3F48370D509B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E1725C95-24F5-4365-BF34-98910A5468B1} - (no file)
O2 - BHO: (no name) - {FDA696A7-5040-467A-A44E-EBA7C74DFD53} - (no file)
O3 - Toolbar: (no name) - {63733480-2CC8-4334-8627-35651AAF74F4} - (no file)
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast!] D:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - D:\Programy\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnnNGwU - nnnnNGwU.dll (file missing)
O20 - Winlogon Notify: opnlJbaa - opnlJbaa.dll (file missing)
O21 - SSODL: qegbdmwf - {6B406867-DF50-48C5-85AD-B9509F53D48C} - (no file)
O21 - SSODL: pntqkflv - {11D79C4B-D191-4567-9AE5-1F66C5416D7B} - (no file)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe

Re: Prosim o zkontrolování logu

Napsal: 02 říj 2008 15:39
od jaro3
Vítej na fóru PC-HELP!
Pokud máš verzi win 32 bitovou:
Vypni rez. ochranu u Avastu a rez. štít u SpywareTerminatoru.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Prosim o zkontrolování logu

Napsal: 02 říj 2008 21:10
od dior
ComboFix 08-10-01.06 - Dior 2008-10-02 20:53:53.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.3034 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Dior\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe33f6401.txt
C:\WINDOWS\BMe33f6401.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2008-09-02 do 2008-10-02 )))))))))))))))))))))))))))))))
.

2008-10-01 18:40 . 2008-10-01 18:40 1,270 --a------ C:\b.bmp
2008-10-01 18:23 . 2008-10-01 18:40 1,270 --a------ C:\a.bmp
2008-10-01 18:15 . 2008-10-01 18:15 630 --a------ C:\24400000.bmp
2008-10-01 17:59 . 2008-10-01 18:01 630 --a------ C:\6.bmp
2008-10-01 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\gtk-2.0
2008-10-01 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\gtk-2.0
2008-10-01 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\gtk-2.0
2008-10-01 16:41 . 2008-10-01 16:41 <DIR> d-------- C:\Documents and Settings\Dior\.thumbnails
2008-10-01 15:16 . 2008-10-01 18:41 <DIR> d-------- C:\Documents and Settings\Dior\.gimp-2.4
2008-09-30 19:30 . 2008-09-30 19:40 17,490,211 --a------ C:\system.rar
2008-09-30 17:23 . 2008-09-30 17:23 15,415 --a------ C:\titulky4x06cz.zip
2008-09-29 21:39 . 2008-09-29 21:39 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-29 21:39 . <DIR> C:\Documents and Settings\Dior\Data aplikací\teamspeak2
2008-09-29 21:39 . <DIR> C:\Documents and Settings\Dior\Data aplikací\teamspeak2
2008-09-29 21:39 . <DIR> C:\Documents and Settings\Dior\Data aplikací\teamspeak2
2008-09-29 21:39 . 2008-09-29 21:39 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-28 22:30 . 2007-03-16 10:19 5,174 -ra------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-28 22:30 . 2007-03-16 10:19 4,682 -ra------ C:\WINDOWS\system32\npptNT2.sys
2008-09-27 12:52 . 2008-09-28 12:52 <DIR> d-------- C:\Program Files\mIRC
2008-09-27 12:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\mIRC
2008-09-27 12:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\mIRC
2008-09-27 12:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\mIRC
2008-09-25 12:31 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-25 12:31 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-25 12:31 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-25 12:31 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-25 12:31 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-25 12:31 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-25 12:30 . 2008-09-25 12:30 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Spyware Terminator
2008-09-24 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Spyware Terminator
2008-09-24 16:58 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Spyware Terminator
2008-09-24 16:58 . 2008-09-24 16:58 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-24 16:45 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:45 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:45 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Java
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-24 16:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-24 16:40 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Sun
2008-09-24 16:40 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Sun
2008-09-24 16:40 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Sun
2008-09-24 16:37 . 2008-09-24 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 19:02 . 2008-09-23 14:35 1,014,201 ---hs---- C:\WINDOWS\system32\wjoqclcr.ini
2008-09-21 18:59 . 2008-09-22 19:01 1,013,901 --ahs---- C:\WINDOWS\system32\qgbjuoxm.ini
2008-09-20 19:02 . 2008-09-21 09:29 980,859 --ahs---- C:\WINDOWS\system32\xendrskp.ini
2008-09-19 19:02 . 2008-09-20 11:53 980,619 --ahs---- C:\WINDOWS\system32\nwvghrmt.ini
2008-09-19 18:56 . 2008-09-23 14:15 372,876 --ahs---- C:\WINDOWS\system32\HknUEfhk.ini2
2008-09-19 18:56 . 2008-09-23 14:17 372,876 --ahs---- C:\WINDOWS\system32\HknUEfhk.ini
2008-09-18 23:03 . 2008-09-19 18:51 980,499 --ahs---- C:\WINDOWS\system32\pisshsbr.ini
2008-09-18 23:02 . 2008-09-19 18:50 376,855 --ahs---- C:\WINDOWS\system32\JSsvDfhk.ini
2008-09-18 23:02 . 2008-09-19 18:47 376,823 --ahs---- C:\WINDOWS\system32\JSsvDfhk.ini2
2008-09-18 15:12 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-18 01:48 . 2008-09-18 01:48 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-16 16:35 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-16 16:09 . 2008-09-16 16:09 <DIR> d-------- C:\WINDOWS\Logs
2008-09-12 15:00 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE
2008-09-12 15:00 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE
2008-09-12 15:00 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE
2008-09-12 14:37 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-12 14:37 . 2008-09-12 14:37 382 --a------ C:\WINDOWS\ODBC.INI
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 14:24 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SporeCreatureCreator
2008-09-12 14:24 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SporeCreatureCreator
2008-09-12 14:24 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SporeCreatureCreator
2008-09-11 20:17 . 2008-09-30 22:27 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-11 19:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Nero
2008-09-11 19:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Nero
2008-09-11 19:52 . <DIR> C:\Documents and Settings\Dior\Data aplikací\Nero
2008-09-11 19:47 . 2008-09-11 19:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-11 16:42 . 2008-09-11 16:42 <DIR> d---s---- C:\Documents and Settings\Dior\UserData
2008-09-10 22:37 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE Creature Creator
2008-09-10 22:37 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE Creature Creator
2008-09-10 22:37 . <DIR> C:\Documents and Settings\Dior\Data aplikací\SPORE Creature Creator
2008-09-10 17:43 . <DIR> C:\Documents and Settings\Dior\Data aplikací\ValuSoft
2008-09-10 17:43 . <DIR> C:\Documents and Settings\Dior\Data aplikací\ValuSoft
2008-09-10 17:43 . <DIR> C:\Documents and Settings\Dior\Data aplikací\ValuSoft
2008-09-08 11:33 . 2008-09-08 11:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 11:30 . 2008-09-08 11:30 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-09-08 11:30 . 2008-09-08 11:30 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-09-02 12:36 . 2008-09-02 12:36 <DIR> d-------- C:\Program Files\AMD
2008-09-02 12:36 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-02 18:39 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Skype
2008-10-02 18:39 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Skype
2008-10-02 18:39 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Skype
2008-09-26 22:10 --------- d-----w C:\Program Files\ATI Technologies
2008-09-25 11:22 --------- d-s---w C:\Documents and Settings\Dior\Data aplikací\Microsoft
2008-09-25 11:22 --------- d-s---w C:\Documents and Settings\Dior\Data aplikací\Microsoft
2008-09-25 11:22 --------- d-s---w C:\Documents and Settings\Dior\Data aplikací\Microsoft
2008-09-25 10:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 13:15 --------- d-----w C:\Program Files\ICQ6
2008-09-23 16:20 137,728 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-13 22:18 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Hamachi
2008-09-13 22:18 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Hamachi
2008-09-13 22:18 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Hamachi
2008-09-12 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 11:25 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 19:24 --------- d-----w C:\Program Files\Hamachi
2008-08-28 07:13 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-17 19:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Bioshock
2008-08-17 19:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Bioshock
2008-08-17 19:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Bioshock
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\ICQ
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\ICQ
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\ICQ
2008-08-08 09:47 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\InstallShield
2008-08-08 09:47 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\InstallShield
2008-08-08 09:47 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\InstallShield
2008-08-02 09:50 --------- d-----w C:\Program Files\Analog Devices
2008-08-02 09:48 --------- d-----w C:\Program Files\Creative
2008-07-19 22:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-19 22:07 249,856 ------w C:\WINDOWS\Setup1.exe
2008-06-28 17:04 894 --sha-w C:\WINDOWS\system32\BbJiOXyb.ini2
2008-06-30 15:38 95,985 --sha-w C:\WINDOWS\system32\LkjTDfii.ini2
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programy\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 D:\Programy\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 D:\Programy\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\hry\\Sacred Underworld\\gameserver.exe"=
"D:\\hry\\Sacred Underworld\\sacred.exe"=
"D:\\hry\\cs\\hl.exe"=
"D:\\hry\\cs\\cstrike.exe"=
"D:\\hry\\fifa08\\FIFA08.exe"=
"D:\\hry\\aoe\\age3x.exe"=
"D:\\hry\\aoe\\age3y.exe"=
"D:\\hry\\bf\\BF2.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"D:\\hry\\sacred2demo\\system\\s2gs.exe"=
"D:\\hry\\sacred2demo\\system\\sacred2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-18 2915944]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S3 npkycryp;npkycryp;D:\hry\lineage2\HellBound\system\npkycryp.sys [ ]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{E1725C95-24F5-4365-BF34-98910A5468B1} - (no file)
BHO-{FDA696A7-5040-467A-A44E-EBA7C74DFD53} - (no file)
ShellExecuteHooks-{39E06D62-AA5E-4E40-8ADC-E22CCB4BD55C} - (no file)
SSODL-qegbdmwf-{6B406867-DF50-48C5-85AD-B9509F53D48C} - (no file)
SSODL-pntqkflv-{11D79C4B-D191-4567-9AE5-1F66C5416D7B} - (no file)
Notify-nnnnNGwU - nnnnNGwU.dll
Notify-opnlJbaa - opnlJbaa.dll


.
------- Doplňkový sken -------
.
O8 -: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-02 20:56:29
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Celkový čas: 2008-10-02 20:57:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-10-02 18:57:09

Před spuštěním: 2˙573˙266˙944
Po spuštění: 2,572,857,344

245

Re: Prosim o zkontrolování logu

Napsal: 02 říj 2008 22:54
od jaro3
Budeme muset pokračovat zítra s případným odesláním souborů na virustotal.

Re: Prosim o zkontrolování logu

Napsal: 03 říj 2008 15:56
od jaro3
Otestuj toto na Virustotal:http://www.virustotal.com/
návod zde:http://www.pc-help.cz/viewtopic.php?f=70&t=5121
C:\WINDOWS\system32\wjoqclcr.ini
C:\WINDOWS\system32\qgbjuoxm.ini
C:\WINDOWS\system32\xendrskp.ini
C:\WINDOWS\system32\nwvghrmt.ini
C:\WINDOWS\system32\HknUEfhk.ini2
C:\WINDOWS\system32\HknUEfhk.ini
C:\WINDOWS\system32\pisshsbr.ini
C:\WINDOWS\system32\JSsvDfhk.ini
C:\WINDOWS\system32\JSsvDfhk.ini2
C:\WINDOWS\system32\BbJiOXyb.ini2
C:\WINDOWS\system32\LkjTDfii.ini2
Bohužel nevím , zda berou soubory .ini. Nebo se do nich podívej , co je to zač, myslím , že by se to mohlo odstřelit..je divné , že to ComboFix neudělal.
Registr opravíme později, napiš výsledky.
Jo a vlož sem ještě log z HJT, aktuální verzi!

Re: Prosim o zkontrolování logu

Napsal: 05 říj 2008 12:18
od dior
virustotal vubec nedokaze rozeznat .ini/.ini2, takze nevim co s nimi

Re: Prosim o zkontrolování logu

Napsal: 05 říj 2008 13:25
od jaro3
Podle mě to tam nemá co dělat.
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\system32\wjoqclcr.ini
C:\WINDOWS\system32\qgbjuoxm.ini
C:\WINDOWS\system32\xendrskp.ini
C:\WINDOWS\system32\nwvghrmt.ini
C:\WINDOWS\system32\HknUEfhk.ini2
C:\WINDOWS\system32\HknUEfhk.ini
C:\WINDOWS\system32\pisshsbr.ini
C:\WINDOWS\system32\JSsvDfhk.ini
C:\WINDOWS\system32\JSsvDfhk.ini2
C:\WINDOWS\system32\BbJiOXyb.ini2
C:\WINDOWS\system32\LkjTDfii.ini2

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Re: Prosim o zkontrolování logu

Napsal: 05 říj 2008 13:47
od dior
ComboFix 08-10-04.07 - Dior 2008-10-05 13:41:30.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.3062 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Dior\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Dior\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
C:\WINDOWS\system32\BbJiOXyb.ini2
C:\WINDOWS\system32\HknUEfhk.ini
C:\WINDOWS\system32\HknUEfhk.ini2
C:\WINDOWS\system32\JSsvDfhk.ini
C:\WINDOWS\system32\JSsvDfhk.ini2
C:\WINDOWS\system32\LkjTDfii.ini2
C:\WINDOWS\system32\nwvghrmt.ini
C:\WINDOWS\system32\pisshsbr.ini
C:\WINDOWS\system32\qgbjuoxm.ini
C:\WINDOWS\system32\wjoqclcr.ini
C:\WINDOWS\system32\xendrskp.ini
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\BbJiOXyb.ini2
C:\WINDOWS\system32\HknUEfhk.ini
C:\WINDOWS\system32\HknUEfhk.ini2
C:\WINDOWS\system32\jmcuwgic.ini
C:\WINDOWS\system32\JSsvDfhk.ini
C:\WINDOWS\system32\JSsvDfhk.ini2
C:\WINDOWS\system32\LkjTDfii.ini2
C:\WINDOWS\system32\nwvghrmt.ini
C:\WINDOWS\system32\pisshsbr.ini
C:\WINDOWS\system32\qaxxvyye.ini
C:\WINDOWS\system32\qgbjuoxm.ini
C:\WINDOWS\system32\sniohrkc.ini
C:\WINDOWS\system32\wjoqclcr.ini
C:\WINDOWS\system32\xendrskp.ini
C:\WINDOWS\system32\yppionuj.ini

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-05 do 2008-10-05 )))))))))))))))))))))))))))))))
.

2008-10-04 22:21 . 2008-10-04 22:21 1,270 --a------ C:\d.bmp
2008-10-04 22:11 . 2008-10-04 22:21 421 --a------ C:\b.JPG
2008-10-03 00:25 . 2008-10-05 13:33 <DIR> d-------- C:\Program Files\Crawler
2008-10-01 18:40 . 2008-10-01 18:40 1,270 --a------ C:\b.bmp
2008-10-01 18:23 . 2008-10-01 18:40 1,270 --a------ C:\a.bmp
2008-10-01 18:15 . 2008-10-01 18:15 630 --a------ C:\24400000.bmp
2008-10-01 16:58 . 2008-10-04 22:21 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\gtk-2.0
2008-10-01 16:41 . 2008-10-01 16:41 <DIR> d-------- C:\Documents and Settings\Dior\.thumbnails
2008-10-01 15:16 . 2008-10-04 22:45 <DIR> d-------- C:\Documents and Settings\Dior\.gimp-2.4
2008-09-30 19:30 . 2008-09-30 19:40 17,490,211 --a------ C:\system.rar
2008-09-30 17:23 . 2008-09-30 17:23 15,415 --a------ C:\titulky4x06cz.zip
2008-09-29 21:39 . 2008-09-29 21:39 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-29 21:39 . 2008-09-29 21:39 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\teamspeak2
2008-09-29 21:39 . 2008-09-29 21:39 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-28 22:30 . 2007-03-16 10:19 5,174 -ra------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-28 22:30 . 2007-03-16 10:19 4,682 -ra------ C:\WINDOWS\system32\npptNT2.sys
2008-09-27 12:52 . 2008-09-28 12:52 <DIR> d-------- C:\Program Files\mIRC
2008-09-27 12:52 . 2008-09-28 12:58 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\mIRC
2008-09-27 00:12 . 2008-09-27 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2008-09-25 12:31 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-25 12:31 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-25 12:31 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-25 12:31 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-25 12:31 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-25 12:31 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-25 12:30 . 2008-09-25 12:30 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 16:58 . 2008-10-02 21:03 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\Spyware Terminator
2008-09-24 16:58 . 2008-10-04 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-09-24 16:58 . 2008-09-24 16:58 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-24 16:45 . 2008-09-24 16:45 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:45 . 2008-09-24 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Java
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-24 16:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-24 16:37 . 2008-09-24 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 15:12 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-18 01:48 . 2008-09-18 01:48 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-16 16:35 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-16 16:09 . 2008-09-16 16:09 <DIR> d-------- C:\WINDOWS\Logs
2008-09-12 15:00 . 2008-09-12 15:01 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SPORE
2008-09-12 14:37 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-12 14:37 . 2008-09-12 14:37 382 --a------ C:\WINDOWS\ODBC.INI
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 14:24 . 2008-09-12 14:24 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SporeCreatureCreator
2008-09-11 20:17 . 2008-10-03 13:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-11 19:52 . 2008-09-11 19:52 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\Nero
2008-09-11 19:47 . 2008-09-11 19:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-11 19:47 . 2008-09-11 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-09-11 16:42 . 2008-09-11 16:42 <DIR> d---s---- C:\Documents and Settings\Dior\UserData
2008-09-10 22:37 . 2008-09-11 15:36 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SPORE Creature Creator
2008-09-10 17:43 . 2008-09-10 17:43 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\ValuSoft
2008-09-08 11:33 . 2008-09-08 11:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 11:30 . 2008-09-08 11:30 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-09-08 11:30 . 2008-09-08 11:30 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 11:08 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Skype
2008-09-27 00:39 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-09-26 22:10 --------- d-----w C:\Program Files\ATI Technologies
2008-09-25 10:30 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-25 10:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 13:15 --------- d-----w C:\Program Files\ICQ6
2008-09-23 16:20 137,728 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-23 16:20 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-13 22:18 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Hamachi
2008-09-12 12:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-12 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 11:25 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 19:24 --------- d-----w C:\Program Files\Hamachi
2008-09-02 10:36 --------- d-----w C:\Program Files\AMD
2008-08-28 07:13 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-20 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-08-17 19:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Bioshock
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\ICQ
2008-08-08 09:47 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\InstallShield
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-19 22:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-19 22:07 249,856 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-02_20.56.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 11:39:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SpywareTerminator"="D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-24 1783808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programy\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 D:\Programy\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 D:\Programy\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\hry\\Sacred Underworld\\gameserver.exe"=
"D:\\hry\\Sacred Underworld\\sacred.exe"=
"D:\\hry\\cs\\hl.exe"=
"D:\\hry\\cs\\cstrike.exe"=
"D:\\hry\\fifa08\\FIFA08.exe"=
"D:\\hry\\aoe\\age3x.exe"=
"D:\\hry\\aoe\\age3y.exe"=
"D:\\hry\\bf\\BF2.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"D:\\hry\\sacred2demo\\system\\s2gs.exe"=
"D:\\hry\\sacred2demo\\system\\sacred2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-18 2915944]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-24 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S3 npkycryp;npkycryp;D:\hry\lineage2\HellBound\system\npkycryp.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 13:42:17
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-05 13:42:37
ComboFix-quarantined-files.txt 2008-10-05 11:42:35
ComboFix2.txt 2008-10-02 18:57:12

Před spuštěním: 2 489 683 968
Po spuštění: 2,487,652,352

220

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:45:47, on 5.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Documents and Settings\Dior\Plocha\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programy\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 5717 bytes

Re: Prosim o zkontrolování logu

Napsal: 05 říj 2008 14:08
od jaro3
Tak ještě jednou script.viz výše:

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:0000000
"UpdatesDisableNotify"=dword:00000000

vlož sem pak nový log z CF a HJT a napiš jak se chová comp.

Re: Prosim o zkontrolování logu

Napsal: 06 říj 2008 16:08
od dior
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:19, on 6.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Avast\aswUpdSv.exe
D:\Programy\Avast\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PnkBstrA.exe
D:\Programy\Spyware Terminator\sp_rsser.exe
D:\Programy\Avast\ashMaiSv.exe
D:\Programy\Avast\ashWebSv.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpywareTerminator] "D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Programy\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\WINDOWS\System32\appdrvrem01.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programy\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programy\Avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Programy\Spyware Terminator\sp_rsser.exe

--
End of file - 5663 bytes





ComboFix 08-10-05.06 - Dior 2008-10-06 14:58:00.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.3056 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\Dior\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Dior\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-06 do 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-04 22:21 . 2008-10-04 22:21 1,270 --a------ C:\d.bmp
2008-10-04 22:11 . 2008-10-04 22:21 421 --a------ C:\b.JPG
2008-10-03 00:25 . 2008-10-06 14:55 <DIR> d-------- C:\Program Files\Crawler
2008-10-01 18:40 . 2008-10-01 18:40 1,270 --a------ C:\b.bmp
2008-10-01 18:23 . 2008-10-01 18:40 1,270 --a------ C:\a.bmp
2008-10-01 18:15 . 2008-10-01 18:15 630 --a------ C:\24400000.bmp
2008-10-01 16:58 . 2008-10-04 22:21 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\gtk-2.0
2008-10-01 16:41 . 2008-10-01 16:41 <DIR> d-------- C:\Documents and Settings\Dior\.thumbnails
2008-10-01 15:16 . 2008-10-04 22:45 <DIR> d-------- C:\Documents and Settings\Dior\.gimp-2.4
2008-09-30 19:30 . 2008-09-30 19:40 17,490,211 --a------ C:\system.rar
2008-09-30 17:23 . 2008-09-30 17:23 15,415 --a------ C:\titulky4x06cz.zip
2008-09-29 21:39 . 2008-09-29 21:39 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-09-29 21:39 . 2008-09-29 21:39 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\teamspeak2
2008-09-29 21:39 . 2008-09-29 21:39 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-09-28 22:30 . 2007-03-16 10:19 5,174 -ra------ C:\WINDOWS\system32\nppt9x.vxd
2008-09-28 22:30 . 2007-03-16 10:19 4,682 -ra------ C:\WINDOWS\system32\npptNT2.sys
2008-09-27 12:52 . 2008-09-28 12:52 <DIR> d-------- C:\Program Files\mIRC
2008-09-27 12:52 . 2008-09-28 12:58 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\mIRC
2008-09-27 00:12 . 2008-09-27 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ATI
2008-09-25 12:31 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-09-25 12:31 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-09-25 12:31 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-09-25 12:31 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-09-25 12:31 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-09-25 12:31 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-09-25 12:30 . 2008-09-25 12:30 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-09-25 12:28 . 2008-09-25 12:28 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-09-24 16:58 . 2008-10-02 21:03 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\Spyware Terminator
2008-09-24 16:58 . 2008-10-04 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-09-24 16:58 . 2008-09-24 16:58 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-09-24 16:45 . 2008-09-24 16:45 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:45 . 2008-09-24 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Java
2008-09-24 16:41 . 2008-09-24 16:41 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-24 16:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-24 16:37 . 2008-09-24 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 15:12 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-18 01:48 . 2008-09-18 01:48 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-16 16:35 . 2008-09-18 15:12 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-09-16 16:09 . 2008-09-16 16:09 <DIR> d-------- C:\WINDOWS\Logs
2008-09-12 15:00 . 2008-09-12 15:01 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SPORE
2008-09-12 14:37 . 2003-06-19 00:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-12 14:37 . 2008-09-12 14:37 382 --a------ C:\WINDOWS\ODBC.INI
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-12 14:36 . 2008-09-12 14:36 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-12 14:24 . 2008-09-12 14:24 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SporeCreatureCreator
2008-09-11 20:17 . 2008-10-03 13:46 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-11 19:52 . 2008-09-11 19:52 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\Nero
2008-09-11 19:47 . 2008-09-11 19:47 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-09-11 19:47 . 2008-09-11 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Nero
2008-09-11 16:42 . 2008-09-11 16:42 <DIR> d---s---- C:\Documents and Settings\Dior\UserData
2008-09-10 22:37 . 2008-09-11 15:36 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\SPORE Creature Creator
2008-09-10 17:43 . 2008-09-10 17:43 <DIR> d-------- C:\Documents and Settings\Dior\Data aplikací\ValuSoft
2008-09-08 11:33 . 2008-09-08 11:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 11:30 . 2008-09-08 11:30 <DIR> d-------- C:\Program Files\Radeon Omega Drivers
2008-09-08 11:30 . 2008-09-08 11:30 472,576 --a------ C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 12:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Skype
2008-09-27 00:39 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-09-26 22:10 --------- d-----w C:\Program Files\ATI Technologies
2008-09-25 10:30 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-09-25 10:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 13:15 --------- d-----w C:\Program Files\ICQ6
2008-09-23 16:20 137,728 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-23 16:20 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-13 22:18 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Hamachi
2008-09-12 12:20 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-12 12:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-05 11:25 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 19:24 --------- d-----w C:\Program Files\Hamachi
2008-09-02 10:36 --------- d-----w C:\Program Files\AMD
2008-08-28 07:13 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-20 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2008-08-17 19:49 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\Bioshock
2008-08-16 10:34 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\ICQ
2008-08-08 09:47 --------- d-----w C:\Documents and Settings\Dior\Data aplikací\InstallShield
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-19 22:07 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-19 22:07 249,856 ------w C:\WINDOWS\Setup1.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-02_20.56.58.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-06 12:56:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_758.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SpywareTerminator"="D:\Programy\Spyware Terminator\SpywareTerminatorShield.exe" [2008-09-24 1783808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programy\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 D:\Programy\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 16:06 1840424 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 D:\Programy\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"D:\\hry\\stalker\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"D:\\hry\\Sacred Underworld\\gameserver.exe"=
"D:\\hry\\Sacred Underworld\\sacred.exe"=
"D:\\hry\\cs\\hl.exe"=
"D:\\hry\\cs\\cstrike.exe"=
"D:\\hry\\fifa08\\FIFA08.exe"=
"D:\\hry\\aoe\\age3x.exe"=
"D:\\hry\\aoe\\age3y.exe"=
"D:\\hry\\bf\\BF2.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\hry\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"D:\\hry\\sacred2demo\\system\\s2gs.exe"=
"D:\\hry\\sacred2demo\\system\\sacred2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-18 2915944]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-09-24 141312]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 69120]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S3 npkycryp;npkycryp;D:\hry\lineage2\HellBound\system\npkycryp.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-06 14:58:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-10-06 14:59:06
ComboFix-quarantined-files.txt 2008-10-06 12:59:03
ComboFix2.txt 2008-10-05 11:42:38
ComboFix3.txt 2008-10-02 18:57:12

Před spuštěním: 8 252 956 672
Po spuštění: 8,253,550,592

188


skousel jsem pocitac zatizit... a vypada to dobre

Re: Prosim o zkontrolování logu

Napsal: 06 říj 2008 16:44
od jaro3
Logy O.K., zapni zase rez . ochranu u antiviru a ST.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

Re: Prosim o zkontrolování logu

Napsal: 07 říj 2008 18:45
od dior
diky moc za tvuj cas... tvoji pomoc
jsem ti moc vdecny
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/