PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

poprosím o kontrolu Logu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=32880

Stránka 1 z 4

poprosím o kontrolu Logu

Napsal: 01 lis 2008 13:24
od bery1979
[list=][/list]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:26, on 1.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JIINA~1\LOCALS~1\Temp\mexe.com
C:\Documents and Settings\Jiřina\Dokumenty\PC HELP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLATOR\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [144ae19f] rundll32.exe "C:\WINDOWS\System32\rdwlqcjj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "E:\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [QuickTimeTask] C:\Program Files\Applications\wcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6082150829
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 11519 bytes

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 13:37
od jaro3
Po odvirování doinstaluj SP2 a IE7.

Stáhni si SDFix
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + nový log z HJT+ mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

Vítej na fóru PC-HELP!

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 14:41
od bery1979
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:30, on 1.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Jiřina\Dokumenty\PC HELP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLATOR\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [144ae19f] rundll32.exe "C:\WINDOWS\System32\rdwlqcjj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "E:\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6082150829
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 11218 bytes




SDFix: Version 1.238
Run by Jiýina on so 01.11.2008 at 14:11

Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\khfDvvvS.dll - Deleted
C:\DOCUME~1\JIINA~1\LOCALS~1\Temp\PersonalAntiSpySetup.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 14:31:26
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a8,41,20,54,74,57,b0,6b,ef,1a,d2,e9,52,fc,4a,b3,0d,55,03,33,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,e5,29,b7,b5,5e,de,2c,34,0a,1e,d7,f8,00,1c,a2,ca,..
"khjeh"=hex:08,64,19,0a,c6,40,19,9c,31,72,3f,8b,af,c3,0b,ec,78,d8,ee,62,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,97,50,4c,ff,9a,ad,94,4b,30,08,10,64,ea,ab,89,c7,e4,c1,12,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a8,41,20,54,74,57,b0,6b,ef,1a,d2,e9,52,fc,4a,b3,0d,55,03,33,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,e5,29,b7,b5,5e,de,2c,34,0a,1e,d7,f8,00,1c,a2,ca,..
"khjeh"=hex:08,64,19,0a,c6,40,19,9c,31,72,3f,8b,af,c3,0b,ec,78,d8,ee,62,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,97,50,4c,ff,9a,ad,94,4b,30,08,10,64,ea,ab,89,c7,e4,c1,12,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a8,41,20,54,74,57,b0,6b,ef,1a,d2,e9,52,fc,4a,b3,0d,55,03,33,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,e5,29,b7,b5,5e,de,2c,34,0a,1e,d7,f8,00,1c,a2,ca,..
"khjeh"=hex:08,64,19,0a,c6,40,19,9c,31,72,3f,8b,af,c3,0b,ec,78,d8,ee,62,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,97,50,4c,ff,9a,ad,94,4b,30,08,10,64,ea,ab,89,c7,e4,c1,12,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:dcad9f6a
"s1"=dword:9cf5d99b
"s2"=dword:7d29f9fb
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a8,41,20,54,74,57,b0,6b,ef,1a,d2,e9,52,fc,4a,b3,0d,55,03,33,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,e5,29,b7,b5,5e,de,2c,34,0a,1e,d7,f8,00,1c,a2,ca,..
"khjeh"=hex:08,64,19,0a,c6,40,19,9c,31,72,3f,8b,af,c3,0b,ec,78,d8,ee,62,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,97,50,4c,ff,9a,ad,94,4b,30,08,10,64,ea,ab,89,c7,e4,c1,12,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a8,41,20,54,74,57,b0,6b,ef,1a,d2,e9,52,fc,4a,b3,0d,55,03,33,68,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,44,e5,29,b7,b5,5e,de,2c,34,0a,1e,d7,f8,00,1c,a2,ca,..
"khjeh"=hex:08,64,19,0a,c6,40,19,9c,31,72,3f,8b,af,c3,0b,ec,78,d8,ee,62,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,97,50,4c,ff,9a,ad,94,4b,30,08,10,64,ea,ab,89,c7,e4,c1,12,6c,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\System32\\lr85.exe"="C:\\WINDOWS\\System32\\lr85.exe:*:Enabled:Enabled"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 24 Apr 2006 2,319,568 A..H. --- "C:\Program Files\Squishy the Starfish\d3dx9_27.dll"
Mon 24 Apr 2006 240,128 A..H. --- "C:\Program Files\Squishy the Starfish\fmodex.dll"
Mon 24 Apr 2006 163,840 A..H. --- "C:\Program Files\Squishy the Starfish\LuaPlusDebuggerControls.dll"
Mon 24 Apr 2006 237,568 A..H. --- "C:\Program Files\Squishy the Starfish\LuaPlusDebuggerAddin.dll"
Mon 24 Apr 2006 434,176 A..H. --- "C:\Program Files\Squishy the Starfish\LuaPlusD_1081.dll"
Mon 24 Apr 2006 208,896 A..H. --- "C:\Program Files\Squishy the Starfish\LuaPlus_1081.dll"
Sun 5 Mar 2006 56 ..SHR --- "C:\WINDOWS\system32\88AAAD13BA.sys"
Sun 6 Aug 2000 28,738 A..HR --- "C:\Install\Office XP\MSDE2000\SQLRESLD.DLL"
Fri 9 Dec 2005 70,144 ..SHR --- "C:\Program Files\Team6 game studios\Scooter War3z\Setup.exe"
Sun 19 Oct 2008 444 ...HR --- "C:\Documents and Settings\Jiýina\Data aplikacˇ\SecuROM\UserData\securom_v7_01.bak"

Finished!

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 14:49
od jaro3
Vypni rez. ochranu u NOD32.
Pokud máš 32 bitovou verzi win, postupuj takto:
vypni rez. ochranu u SpyBota:
- spusť Spybot - Search & Destroy
- nahoře v menu zvol: Režim => Pro pokročilé
- objeví se ti varovné okno kde zvol Ano
- okno programu se ti přepne do pokročilého zobrazení a tam zvol: Nástroje => Rezidentní
- tam zruš zatržení pokud bude u položky: Rezidentní program "TeaTimer" (Ochrana ...)
- zavři program
Restartuj PC.
Po té si stáhni ResetTeaTimer.bat(viz. Poznámka)
a ulož si ho na disku.
- spusť ho a po vyzvání zmáčkni libovolnou klávesu
- po proběhnutí a výzvě opět zmáčkni libovolnou klávesu a program se zavře.
Poznámka:
- pokud používáš Operu, tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit cíl odkazu jako...
- pokud používáš Firefox tak klikni pravým tlačítkem myši na odkaz a zvol možnost Uložit odkaz jako...

Stáhni si ComboFix (by sUBs)

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

………………………………………………………………………………………………………………………

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 16:39
od bery1979
ComboFix 08-10-31.02 - Jiřina 2008-11-01 16:10:28.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.117 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jiřina\Plocha\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\regedit.com
C:\WINDOWS\System32\awttUMeE.dll
C:\WINDOWS\system32\ccwgkpso.dll
C:\WINDOWS\system32\dfnxtkkm.ini
C:\WINDOWS\system32\dmfafmgp.ini
C:\WINDOWS\system32\EeMUttwa.ini
C:\WINDOWS\system32\EeMUttwa.ini2
C:\WINDOWS\system32\gmaerwnw.ini
C:\WINDOWS\system32\jjcqlwdr.ini
C:\WINDOWS\system32\khfEvwTK.dll
C:\WINDOWS\system32\mkktxnfd.dll
C:\WINDOWS\system32\ospkgwcc.ini
C:\WINDOWS\system32\pgmfafmd.dll
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\winsock32.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 14:33 . 2008-11-01 14:33 0 --a------ C:\WINDOWS\system32\sert.tmp
2008-11-01 14:02 . 2008-11-01 14:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-11-01 13:55 . 2008-11-01 14:33 <DIR> d-------- C:\SDFix
2008-11-01 12:38 . 2008-11-01 12:38 0 --a------ C:\23990098.$$$
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-11-01 12:25 . 2008-11-01 12:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-11-01 12:25 . 2008-11-01 12:25 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-11-01 12:25 . 2008-11-01 12:25 28,672 --a------ C:\WINDOWS\system32\eEmpty.exe
2008-11-01 12:25 . 2005-09-22 23:22 522 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-11-01 12:25 . 2008-11-01 12:32 54 --a------ C:\WINDOWS\Lic.xxx
2008-11-01 12:24 . 2008-11-01 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2008-11-01 12:24 . 2002-09-20 19:05 135,680 --a------ C:\WINDOWS\R.COM
2008-11-01 12:24 . 2002-09-20 19:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-10-31 11:01 . 2008-10-31 11:01 18,944 --a------ C:\Documents and Settings\All Users\mo3TK.exe
2008-10-30 14:09 . 2008-10-30 14:09 <DIR> d-------- C:\Program Files\kX Project
2008-10-29 13:41 . 2008-10-29 13:41 <DIR> d-------- C:\My Downloads
2008-10-28 20:43 . 2008-10-28 21:47 <DIR> d-------- C:\Program Files\Undercover
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-10-26 16:41 . 2008-10-26 16:44 <DIR> d-------- C:\Program Files\Winamp
2008-10-26 16:41 . 2008-10-26 19:22 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Winamp
2008-10-26 16:41 . 2007-03-08 00:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-10-26 16:41 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-10-26 16:41 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-10-26 13:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-26 13:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-26 13:54 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-26 13:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-26 13:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-26 13:54 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-26 13:54 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-26 13:54 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-26 13:54 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-26 13:54 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-26 13:54 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-26 13:53 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-26 13:53 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-26 13:51 . 2008-10-28 20:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-20 22:57 . 2008-10-20 22:57 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\ATI
2008-10-20 22:49 . 2008-10-20 22:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-20 22:47 . 2008-10-20 22:47 <DIR> d-------- C:\ATI
2008-10-20 22:13 . 2008-10-20 22:13 <DIR> d-------- C:\Program Files\Lavalys
2008-10-20 21:38 . 2008-10-20 21:39 <DIR> d-------- C:\Program Files\EACOM
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- C:\Program Files\EA SPORTS
2008-10-19 19:58 . 2008-10-19 19:58 <DIR> dr-h----- C:\Documents and Settings\Jiřina\Data aplikací\SecuROM
2008-10-19 19:58 . 2008-10-19 19:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-19 19:57 . 2008-10-19 19:57 <DIR> d-------- C:\ProgramData
2008-10-19 19:57 . 2008-10-19 19:57 6,046 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-19 19:33 . 2008-10-19 19:33 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Spore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 14:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-01 11:55 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Skype
2008-10-29 12:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-29 12:55 --------- d-----w C:\Program Files\Peggle Deluxe
2008-10-29 12:52 --------- d-----w C:\Program Files\McDonaldsDragons
2008-10-26 18:14 --------- d-----w C:\Program Files\JetAudio
2008-10-20 21:50 --------- d-----w C:\Program Files\ATI Technologies
2008-10-20 20:39 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-20 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 18:57 --------- d-----w C:\Program Files\Electronic Arts
2008-10-12 15:15 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Nokia Multimedia Player
2008-10-02 12:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-29 15:22 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\ICQ
2008-09-28 08:28 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Alawar
2008-09-23 07:28 --------- d-----w C:\Program Files\ICQ6
2008-09-18 15:56 --------- d-----w C:\Program Files\Avi2Dvd
2008-09-13 16:32 --------- d-----w C:\Program Files\FlatOut
2008-09-13 15:58 --------- d-----w C:\Program Files\JoWooD
2008-09-11 20:36 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\uTorrent
2008-09-02 10:01 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Vso
2007-12-18 23:27 87,608 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\ezpinst.exe
2007-12-18 23:27 47,360 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\pcouffin.sys
2006-03-05 17:39 56 -csh--r C:\WINDOWS\system32\88AAAD13BA.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"NBJ"="E:\nero\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SMail"="C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe" [2005-11-30 450560]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-08 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 66048]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\s125obex.sys [2007-04-24 98696]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{4EB9386D-E3A7-4700-BBAA-66D67EBF58B5} - C:\WINDOWS\System32\awttUMeE.dll
BHO-{C69ABC60-8C64-4FB6-B035-D5DF67F9674C} - (no file)
BHO-{C988A1BF-D300-4A4C-9A63-AFDF23671052} - (no file)
HKCU-Run-WhenUSave - C:\Program Files\Save\Save.exe
HKCU-Run-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
HKCU-Run-WEBTRAN - (no file)
HKLM-Run-144ae19f - C:\WINDOWS\System32\rdwlqcjj.dll
HKLM-Run-Cmaudio - cmicnfg.cpl


.
------- Doplňkový sken -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.seznam.cz/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 -: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 -: &Search - ?p=ZCxdm485YYCZ
O8 -: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 -: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 -: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 -: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 -: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 -: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 -: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 -: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 -: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O17 -: HKLM\CCS\Interface\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 -: Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://host13.nwt.cz/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 16:21:45
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Celkový čas: 2008-11-01 16:26:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-01 15:26:36

Před spuštěním: Volných bajtů: 10 198 347 776
Po spuštění: Volných bajtů: 10,117,820,416

winxpsp1_cs_pro_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

237 --- E O F --- 2007-12-04 09:48:32

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:22
od jaro3
Najdi a smaž:
C:\SDFix

Toto otestuj na Virustotal
C:\Documents and Settings\All Users\mo3TK.exe
C:\WINDOWS\system32\sert.tmp
C:\WINDOWS\system32\88AAAD13BA.sys

Vlož sem pak výsledky.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:37
od bery1979
Soubor mo3TK.exe přijatý 2008.11.01 17:28:52 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 3/36 (8.34%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: ___.
Odhadovaný čas začátku mezi ___ a ___ .
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 -
AVG 8.0.0.161 2008.11.01 SHeur2.AS
BitDefender 7.2 2008.11.01 -
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.01 -
DrWeb 4.44.0.09170 2008.11.01 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.01 -
F-Prot 4.4.4.56 2008.11.01 -
F-Secure 8.0.14332.0 2008.11.01 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 -
Ikarus T3.1.1.44.0 2008.11.01 -
K7AntiVirus 7.10.514 2008.11.01 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.01 -
McAfee 5420 2008.11.01 -
Microsoft 1.4005 2008.11.01 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.01 -
PCTools 4.4.2.0 2008.11.01 -
Prevx1 V2 2008.11.01 -
Rising 21.01.52.00 2008.11.01 -
SecureWeb-Gateway 6.7.6 2008.11.01 -
Sophos 4.35.0 2008.11.01 Mal/EncPk-FR
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.01 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Rozšiřující informace
File size: 18944 bytes
MD5...: 3d331251ed5ecfecb4f66528ac0fee8f
SHA1..: b646f5eb3c282007e4e555b90d192a0e9988666d
SHA256: 24720ef6578cd2244b0f8a85832863d9817e0a4512c3ce73122182a15865908d
SHA512: 39cae178e263ee50a9eae814ea7cb602b04110622803e02a36b234bbb0db708a
45f0f8bff76ead03957f929f81998462fa87d91a2bcb82998f4f0d86ebcdd5bf
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403d34
timedatestamp.....: 0x47d008ae (Thu Mar 06 15:07:26 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x380b 0x3a00 7.68 25c7664b7b4a3fd992693f4c7dae0ee8
.data 0x5000 0x813 0x800 5.08 ead983a0dcb0b5b60162a9aac01c256c
.rsrc 0x6000 0x3d8 0x400 3.25 e0f8f169293422482723aa352ba69985

( 6 imports )
> MSVCRT.dll: _snprintf, _onexit, _access, __getmainargs, wcsncat, exit, _wtoi, _snwprintf
> ADVAPI32.dll: OpenSCManagerA, AddAce, GetKernelObjectSecurity, LookupPrivilegeValueW, SetSecurityInfo, GetTokenInformation, GetSidIdentifierAuthority, QueryServiceStatus
> KERNEL32.dll: GetStringTypeA, GetACP, LeaveCriticalSection, GetEnvironmentVariableA, GetTimeZoneInformation, IsDebuggerPresent, SizeofResource, CompareStringA
> SHELL32.dll: ExtractAssociatedIconA, DuplicateIcon, DragQueryPoint, FindExecutableA, ExtractIconExA, DragFinish, DoEnvironmentSubstA, DragAcceptFiles
> GDI32.dll: CreateCompatibleDC, DeleteObject, StartPage, GetStockObject, EndPage, RestoreDC, SetROP2, GetTextMetricsA
> USER32.dll: GetSubMenu, ReleaseDC, SetCapture, IsDialogMessageA, LoadCursorA, DrawMenuBar, GetMenuItemCount, FillRect, ChildWindowFromPoint, EnumChildWindows, DialogBoxParamA, GetWindowTextA, DefFrameProcA

( 0 exports )

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:39
od bery1979
0 bytes size received / Se ha recibido un archivo vacio


Tohle mi to napsalo při vložení druhého souboru

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:43
od bery1979
Soubor 88AAAD13BA.sys přijatý 2008.11.01 17:38:14 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/36 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 42 a 60 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 -
AVG 8.0.0.161 2008.11.01 -
BitDefender 7.2 2008.11.01 -
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.01 -
DrWeb 4.44.0.09170 2008.11.01 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.01 -
F-Prot 4.4.4.56 2008.11.01 -
F-Secure 8.0.14332.0 2008.11.01 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 -
Ikarus T3.1.1.44.0 2008.11.01 -
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.01 -
McAfee 5420 2008.11.01 -
Microsoft 1.4005 2008.11.01 -
NOD32 3575 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.11.01 -
PCTools 4.4.2.0 2008.11.01 -
Prevx1 V2 2008.11.01 -
Rising 21.01.52.00 2008.11.01 -
SecureWeb-Gateway 6.7.6 2008.11.01 -
Sophos 4.35.0 2008.11.01 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.11.01 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Rozšiřující informace
File size: 56 bytes
MD5...: 87b22a0c3f20cc8549f0635e4540e7e1
SHA1..: efa35fa6eabffe856f40bc02655122bc1b9fa419
SHA256: 1a0fcb9202ad877e51010beaff01a7dc5c90351179812c61e31e4c475dcc81e3
SHA512: 51329ef10fa8d07a38ca9f74eb2133a57d2294fd1f86f74647444cd93b87807b
7bc9a3cbf6acb0ca7aee65fa93f083ce1e82fc19387686d7962db8a2048a5625
PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:52
od bery1979
ComboFix 08-10-31.02 - Jiřina 2008-11-01 17:43:18.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.135 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jiřina\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jiřina\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 14:33 . 2008-11-01 14:33 0 --a------ C:\WINDOWS\system32\sert.tmp
2008-11-01 14:02 . 2008-11-01 14:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-11-01 12:38 . 2008-11-01 12:38 0 --a------ C:\23990098.$$$
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-11-01 12:25 . 2008-11-01 12:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-11-01 12:25 . 2008-11-01 12:25 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-11-01 12:25 . 2008-11-01 12:25 28,672 --a------ C:\WINDOWS\system32\eEmpty.exe
2008-11-01 12:25 . 2005-09-22 23:22 522 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-11-01 12:25 . 2008-11-01 12:32 54 --a------ C:\WINDOWS\Lic.xxx
2008-11-01 12:24 . 2008-11-01 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2008-11-01 12:24 . 2002-09-20 19:05 135,680 --a------ C:\WINDOWS\R.COM
2008-11-01 12:24 . 2002-09-20 19:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-10-31 11:01 . 2008-10-31 11:01 18,944 --a------ C:\Documents and Settings\All Users\mo3TK.exe
2008-10-30 14:09 . 2008-10-30 14:09 <DIR> d-------- C:\Program Files\kX Project
2008-10-29 13:41 . 2008-10-29 13:41 <DIR> d-------- C:\My Downloads
2008-10-28 20:43 . 2008-10-28 21:47 <DIR> d-------- C:\Program Files\Undercover
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-10-26 16:41 . 2008-10-26 16:44 <DIR> d-------- C:\Program Files\Winamp
2008-10-26 16:41 . 2008-10-26 19:22 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Winamp
2008-10-26 16:41 . 2007-03-08 00:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-10-26 16:41 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-10-26 16:41 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-10-26 13:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-26 13:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-26 13:54 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-26 13:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-26 13:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-26 13:54 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-26 13:54 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-26 13:54 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-26 13:54 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-26 13:54 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-26 13:54 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-26 13:53 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-26 13:53 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-26 13:51 . 2008-10-28 20:32 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-20 22:57 . 2008-10-20 22:57 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\ATI
2008-10-20 22:49 . 2008-10-20 22:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-20 22:47 . 2008-10-20 22:47 <DIR> d-------- C:\ATI
2008-10-20 22:13 . 2008-10-20 22:13 <DIR> d-------- C:\Program Files\Lavalys
2008-10-20 21:38 . 2008-10-20 21:39 <DIR> d-------- C:\Program Files\EACOM
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- C:\Program Files\EA SPORTS
2008-10-19 19:58 . 2008-10-19 19:58 <DIR> dr-h----- C:\Documents and Settings\Jiřina\Data aplikací\SecuROM
2008-10-19 19:58 . 2008-10-19 19:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-19 19:57 . 2008-10-19 19:57 <DIR> d-------- C:\ProgramData
2008-10-19 19:57 . 2008-10-19 19:57 6,046 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-19 19:33 . 2008-10-19 19:33 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Spore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 15:33 --------- d-----w C:\Program Files\ICQToolbar
2008-11-01 14:46 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-01 11:55 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Skype
2008-10-29 12:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-29 12:55 --------- d-----w C:\Program Files\Peggle Deluxe
2008-10-29 12:52 --------- d-----w C:\Program Files\McDonaldsDragons
2008-10-26 18:14 --------- d-----w C:\Program Files\JetAudio
2008-10-20 21:50 --------- d-----w C:\Program Files\ATI Technologies
2008-10-20 20:39 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-20 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 18:57 --------- d-----w C:\Program Files\Electronic Arts
2008-10-12 15:15 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Nokia Multimedia Player
2008-10-02 12:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-29 15:22 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\ICQ
2008-09-28 08:28 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Alawar
2008-09-23 07:28 --------- d-----w C:\Program Files\ICQ6
2008-09-18 15:56 --------- d-----w C:\Program Files\Avi2Dvd
2008-09-13 16:32 --------- d-----w C:\Program Files\FlatOut
2008-09-13 15:58 --------- d-----w C:\Program Files\JoWooD
2008-09-11 20:36 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\uTorrent
2008-09-02 10:01 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Vso
2007-12-18 23:27 87,608 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\ezpinst.exe
2007-12-18 23:27 47,360 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\pcouffin.sys
2006-03-05 17:39 56 -csh--r C:\WINDOWS\system32\88AAAD13BA.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"NBJ"="E:\nero\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SMail"="C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe" [2005-11-30 450560]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-08 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 66048]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\s125obex.sys [2007-04-24 98696]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 17:45:35
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-01 17:48:28
ComboFix-quarantined-files.txt 2008-11-01 16:48:25
ComboFix2.txt 2008-11-01 15:26:43

Před spuštěním: Volných bajtů: 10 120 691 712
Po spuštění: Volných bajtů: 10,109,517,824

155 --- E O F --- 2007-12-04 09:48:32

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 17:53
od bery1979
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:48, on 1.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ICQ6\ICQ.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jiřina\Dokumenty\PC HELP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLATOR\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLATOR\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "E:\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6082150829
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 12215 bytes

Re: poprosím o kontrolu Logu

Napsal: 01 lis 2008 18:16
od jaro3
Zkus se podívat , co je to zač:
C:\WINDOWS\system32\sert.tmp

Ten script proveden nebyl , zkus ještě jednou tento script, postupuj , jak je napsáno výše, ale s tímto scriptem:

Kód: Vybrat vše

File::
C:\Documents and Settings\All Users\mo3TK.exe
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\Lic.xxx
C:\WINDOWS\R.COM
C:\WINDOWS\system32\T.COM
Časové pásmo: UTC+02:00
Stránka 1 z 4
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/