Every once in a while I try to fix, at my mom's place, whatever the kids have managed to do to the computer...
Please check the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:19:49, on 21.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\winword.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Drag Racer Toolbar Helper - {90F97096-B265-471c-88D9-E7F8F2085673} - C:\Program Files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: Drag Racer Toolbar - {126A8696-7EB7-4a2b-A651-A49A094E0FDD} - C:\Program Files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [WinampAgent] F:\Radek\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: winword.exe.lnk = C:\WINDOWS\system32\winword.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/chainz ... uncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumble ... axhost.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davinc ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/pl ... taller.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://iplay.oberon-media.com/Gameshell ... meHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.incredigames.com/online2/gol ... dfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.co.uk/online/online ... der_v5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 11130 bytes
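A quick way to do the first pass a log helper does on a HijackThis log like the one above is to parse the section-prefixed lines and flag the usual suspects: orphaned registrations ("(no file)" / "(file missing)"), the R3 URLSearchHook, known bundled toolbars, services without a vendor string, and an Office-named binary autostarting out of system32. The script below is an added example for this thread, not code from HijackThis, ComboFix or the poster; the adware name list and the "Office binaries never live in system32" rule are this example's own assumptions, and the sample lines are copied from the posted log.

```python
"""Triage helper for HijackThis v2 logs.

Added example for this thread; it is not part of HijackThis, ComboFix or
the original posts. It parses the section-prefixed lines an HJT log uses
(R0/R1/R3, O2, O3, O4, O23, ...) and flags the entries a log helper
reads first. The rule lists below are this example's own assumptions,
not HijackThis signatures; the sample lines are copied from the log
posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Toolbar/BHO names that are bundled adware in the posted log.
# Assumption for this example, not a vendor signature set.
KNOWN_ADWARE = (
    "mywebsearch", "megaupload toolbar", "big fish games toolbar",
    "gamesbar", "drag racer toolbar", "bs.player controlbar",
)

# Office binaries that never legitimately live in %SystemRoot%\system32;
# a file of that name there is impersonating the real program.
OFFICE_NAMES = ("winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe")

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<sect>[RFO]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify(line: str) -> list[Finding]:
    """Return every finding that applies to one HJT log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []                      # header, process list, blank line
    sect, body = m.group("sect"), m.group("body")
    low = body.lower()
    found: list[Finding] = []

    # A CLSID or service whose binary is gone: leftover of a removal or
    # of an installer that failed; always worth cleaning.
    if "(no file)" in low or "(file missing)" in low:
        found.append(Finding(sect, "orphaned entry (file missing)", line))

    # R3 = URLSearchHook: a DLL that sees every typed address/search.
    if sect == "R3":
        found.append(Finding(sect, "URLSearchHook (search hijack surface)", line))

    if any(name in low for name in KNOWN_ADWARE):
        found.append(Finding(sect, "known adware/foistware toolbar", line))

    # Services that HJT cannot attribute to a vendor.
    if sect == "O23" and "unknown owner" in low:
        found.append(Finding(sect, "service with unknown owner", line))

    # Autostart of an Office-named binary from system32.
    if sect == "O4":
        for name in OFFICE_NAMES:
            if re.search(r"\\system32\\" + re.escape(name) + r"\b", low):
                found.append(Finding(sect, f"{name} running from system32 (impersonation)", line))
    return found


def triage(log_text: str) -> dict[str, list[Finding]]:
    """Group findings for a whole log by reason."""
    grouped: dict[str, list[Finding]] = {}
    for line in log_text.splitlines():
        for f in classify(line):
            grouped.setdefault(f.reason, []).append(f)
    return grouped


# Constructed sample: lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: winword.exe.lnk = C:\WINDOWS\system32\winword.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"== {reason} ({len(items)})")
        for f in items:
            print("  ", f.line)
```

Run it on the full log by passing the file contents to `triage()`. Anything it reports still needs a human decision (the ICQ URLSearchHook is unwanted but not malware; `winword.exe` in system32 with a Startup-folder shortcut is the entry to look at first), and a clean result says nothing about what HijackThis cannot see, which is why the ComboFix run in the reply below matters.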
Re: please check the log
Added the ComboFix log:
ComboFix 08-11-21.04 - Doma 2008-11-22 8:27:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.140 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\heroes2.pif
c:\program files\GamesBar\oberontb.dll
c:\windows\regedit.com
c:\windows\system32\cemetrix.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.
2097-10-19 05:58 . 2097-10-19 05:58 3,120 --a------ c:\windows\.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C432.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C426.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C421.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C420.lfa
2013-04-08 17:48 . 2006-07-30 11:00 12 --a------ c:\windows\system32\mapisvc.inf
2008-11-16 10:46 . 2008-11-16 10:46 24,064 --a------ c:\windows\system32\dmserver.VVVVVVVVVdll
2008-11-12 12:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\cs
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\bits
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\l2schemas
2008-10-29 09:08 . 2008-10-29 09:08 <DIR> d-------- c:\documents and settings\Doma\.traviaut
2008-10-27 15:12 . 2008-10-27 15:12 <DIR> d-------- c:\program files\Mahjong_Match
2008-10-27 15:01 . 2008-10-27 15:01 <DIR> d-------- c:\program files\The_Great_Indian_Quest
2008-10-26 08:02 . 2008-10-26 18:54 <DIR> d-------- c:\program files\Jewel of Atlantis.exe
2008-10-26 07:59 . 2008-11-22 08:16 <DIR> d-------- c:\program files\temp
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Plugins
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\ocr
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Data
2008-10-26 07:58 . 2008-10-26 08:00 <DIR> d-------- c:\program files\Pyramid Bloxx.exe
2008-10-24 13:57 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 07:36 --------- d-----w c:\documents and settings\Doma\Data aplikací\Skype
2008-11-22 07:27 --------- d-----w c:\program files\GamesBar
2008-11-22 07:24 --------- d-----w c:\program files\FlashGet
2008-11-22 07:20 --------- d-----w c:\documents and settings\Doma\Data aplikací\MegauploadToolbar
2008-11-22 07:00 --------- d-----w c:\documents and settings\Doma\Data aplikací\skypePM
2008-11-21 19:55 --------- d-----w c:\program files\QBeez 2
2008-11-18 14:51 --------- d-----w c:\program files\Jewel Quest II
2008-11-05 16:33 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-10-30 21:14 --------- d-----w c:\program files\Mystical Mahjong
2008-10-27 22:47 --------- d-----w c:\program files\GameSpy Arcade
2008-10-27 22:46 --------- d-----w c:\program files\IncrediGames
2008-10-27 22:42 --------- d-----w c:\program files\Jewel Of Atlantis
2008-10-25 12:11 --------- d-----w c:\documents and settings\Doma\Data aplikací\BSplayer
2008-10-25 12:03 --------- d-----w c:\program files\FDRLab
2008-10-24 16:52 --------- d-----w c:\documents and settings\Doma\Data aplikací\ICQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:22 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-10-16 10:56 1,960,448 ----a-w c:\windows\system32\winword.exe
2008-10-15 16:10 --------- d-----w c:\program files\Crime Puzzle
2008-10-13 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2008-10-13 13:07 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 13:07 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 13:07 --------- d-----w c:\program files\OpenAL
2008-10-13 13:06 --------- d-----w c:\program files\Oberon Media
2008-10-12 15:34 --------- d-----w c:\program files\Zuma Deluxe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 13:27 --------- d-----w c:\program files\FunPause Fairies
2008-09-24 13:50 --------- d-----w c:\program files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-29 20:12 44 ----a-w c:\program files\mjf_drm1.txt
2006-05-31 20:30 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 11:03 32 ----a-r c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F97096-B265-471c-88D9-E7F8F2085673}]
2006-08-23 08:01 495616 --a------ c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{126A8696-7EB7-4a2b-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\
winword.exe.lnk - c:\windows\system32\winword.exe [2008-10-16 1960448]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
HKLM-Run-WinampAgent - f:\radek\Winamp\winampa.exe
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/204
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000
IE: Do&wnload selected by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
c:\windows\Downloaded Program Files\axhost.dll - O16 -: {87056D28-9730-4A47-B9F9-7E890B62C58A}
hxxp://www.shockwave.com/content/tumble ... axhost.cab
c:\windows\Downloaded Program Files\axhost.inf
c:\windows\Downloaded Program Files\DVC Download Control.ocx - O16 -: {ABB660B6-6694-407B-950A-EDBA5A159722}
hxxp://www.shockwave.com/content/davinc ... ontrol.cab
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://iplay.oberon-media.com/Gameshell ... meHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 08:34:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\oodag.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-22 8:41:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-22 07:41:15
Pre-Run: 10 093 805 568 bytes free
Post-Run: 10,009,952,256 bytes free
230 --- E O F --- 2008-11-12 17:16:35
ComboFix 08-11-21.04 - Doma 2008-11-22 8:27:14.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.140 [GMT 1:00]
Spuštěný z: c:\downloads\ComboFix.exe
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\heroes2.pif
c:\program files\GamesBar\oberontb.dll
c:\windows\regedit.com
c:\windows\system32\cemetrix.dll
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-22 do 2008-11-22 )))))))))))))))))))))))))))))))
.
2097-10-19 05:58 . 2097-10-19 05:58 3,120 --a------ c:\windows\.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C432.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C426.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C421.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C420.lfa
2013-04-08 17:48 . 2006-07-30 11:00 12 --a------ c:\windows\system32\mapisvc.inf
2008-11-16 10:46 . 2008-11-16 10:46 24,064 --a------ c:\windows\system32\dmserver.VVVVVVVVVdll
2008-11-12 12:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\cs
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\bits
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\l2schemas
2008-10-29 09:08 . 2008-10-29 09:08 <DIR> d-------- c:\documents and settings\Doma\.traviaut
2008-10-27 15:12 . 2008-10-27 15:12 <DIR> d-------- c:\program files\Mahjong_Match
2008-10-27 15:01 . 2008-10-27 15:01 <DIR> d-------- c:\program files\The_Great_Indian_Quest
2008-10-26 08:02 . 2008-10-26 18:54 <DIR> d-------- c:\program files\Jewel of Atlantis.exe
2008-10-26 07:59 . 2008-11-22 08:16 <DIR> d-------- c:\program files\temp
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Plugins
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\ocr
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Data
2008-10-26 07:58 . 2008-10-26 08:00 <DIR> d-------- c:\program files\Pyramid Bloxx.exe
2008-10-24 13:57 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 07:36 --------- d-----w c:\documents and settings\Doma\Data aplikací\Skype
2008-11-22 07:27 --------- d-----w c:\program files\GamesBar
2008-11-22 07:24 --------- d-----w c:\program files\FlashGet
2008-11-22 07:20 --------- d-----w c:\documents and settings\Doma\Data aplikací\MegauploadToolbar
2008-11-22 07:00 --------- d-----w c:\documents and settings\Doma\Data aplikací\skypePM
2008-11-21 19:55 --------- d-----w c:\program files\QBeez 2
2008-11-18 14:51 --------- d-----w c:\program files\Jewel Quest II
2008-11-05 16:33 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-10-30 21:14 --------- d-----w c:\program files\Mystical Mahjong
2008-10-27 22:47 --------- d-----w c:\program files\GameSpy Arcade
2008-10-27 22:46 --------- d-----w c:\program files\IncrediGames
2008-10-27 22:42 --------- d-----w c:\program files\Jewel Of Atlantis
2008-10-25 12:11 --------- d-----w c:\documents and settings\Doma\Data aplikací\BSplayer
2008-10-25 12:03 --------- d-----w c:\program files\FDRLab
2008-10-24 16:52 --------- d-----w c:\documents and settings\Doma\Data aplikací\ICQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:22 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-10-16 10:56 1,960,448 ----a-w c:\windows\system32\winword.exe
2008-10-15 16:10 --------- d-----w c:\program files\Crime Puzzle
2008-10-13 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2008-10-13 13:07 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 13:07 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 13:07 --------- d-----w c:\program files\OpenAL
2008-10-13 13:06 --------- d-----w c:\program files\Oberon Media
2008-10-12 15:34 --------- d-----w c:\program files\Zuma Deluxe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 13:27 --------- d-----w c:\program files\FunPause Fairies
2008-09-24 13:50 --------- d-----w c:\program files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-29 20:12 44 ----a-w c:\program files\mjf_drm1.txt
2006-05-31 20:30 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 11:03 32 ----a-r c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F97096-B265-471c-88D9-E7F8F2085673}]
2006-08-23 08:01 495616 --a------ c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{126A8696-7EB7-4a2b-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\
winword.exe.lnk - c:\windows\system32\winword.exe [2008-10-16 1960448]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
.
Obsah adresáře 'Naplánované úlohy'
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-WinampAgent - f:\radek\Winamp\winampa.exe
Notify-WgaLogon - (no file)
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/201
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Grab video by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/204
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000
IE: Do&wnload selected by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\documents and settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
c:\windows\Downloaded Program Files\axhost.dll - O16 -: {87056D28-9730-4A47-B9F9-7E890B62C58A}
hxxp://www.shockwave.com/content/tumble ... axhost.cab
c:\windows\Downloaded Program Files\axhost.inf
c:\windows\Downloaded Program Files\DVC Download Control.ocx - O16 -: {ABB660B6-6694-407B-950A-EDBA5A159722}
hxxp://www.shockwave.com/content/davinc ... ontrol.cab
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://iplay.oberon-media.com/Gameshell ... meHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 08:34:29
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
PROCES: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\oodag.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Celkový čas: 2008-11-22 8:41:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2008-11-22 07:41:15
Před spuštěním: Volných bajtů: 10 093 805 568
Po spuštění: Volných bajtů: 10,009,952,256
230 --- E O F --- 2008-11-12 17:16:35
jaro3 (Security team member, Guru Level 15)
Re: please check my log
Uninstall:
MegauploadToolbar
Big Fish Games Toolbar
GamesBar
BS.Player ControlBar
Mywebsearch
Test these files on VirusTotal:
c:\windows\system32\dmserver.VVVVVVVVVdll
c:\windows\system32\winword.exe
c:\program files\mjf_drm1.txt
c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\
winword.exe.lnk
c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe
Then paste the results here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: please check my log
For 3 of the files VirusTotal gave me this: 0 bytes size received / Se ha recibido un archivo vacio
Here are the results for the 2 files sent to VirusTotal:
Soubor winword.exe přijatý 2008.11.22 12:33:58 (CET)
Výsledek: 1/37 (2.71%)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.21.0 2008.11.21 -
AntiVir 7.9.0.35 2008.11.21 -
Authentium 5.1.0.4 2008.11.22 -
Avast 4.8.1281.0 2008.11.21 -
AVG 8.0.0.199 2008.11.21 -
BitDefender 7.2 2008.11.22 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.22 -
DrWeb 4.44.0.09170 2008.11.22 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.22 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.22 Suspicious:W32/Kolweb.d!Gemini
Fortinet 3.117.0.0 2008.11.22 -
GData 19 2008.11.22 -
Ikarus T3.1.1.45.0 2008.11.22 -
K7AntiVirus 7.10.530 2008.11.21 -
Kaspersky 7.0.0.125 2008.11.22 -
McAfee 5441 2008.11.21 -
McAfee+Artemis 5441 2008.11.21 -
Microsoft 1.4104 2008.11.22 -
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.21 -
Panda 9.0.0.4 2008.11.22 -
PCTools 4.4.2.0 2008.11.21 -
Prevx1 V2 2008.11.22 -
Rising 21.04.52.00 2008.11.22 -
SecureWeb-Gateway 6.7.6 2008.11.22 -
Sophos 4.35.0 2008.11.22 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.22 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.21 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.21 -
Soubor mjf_drm1.txt přijatý 2008.11.22 12:40:04 (CET)
Výsledek: 0/37 (0%)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2008.11.21.0 2008.11.21 -
AntiVir 7.9.0.35 2008.11.21 -
Authentium 5.1.0.4 2008.11.22 -
Avast 4.8.1281.0 2008.11.21 -
AVG 8.0.0.199 2008.11.21 -
BitDefender 7.2 2008.11.22 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.22 -
DrWeb 4.44.0.09170 2008.11.22 -
eSafe 7.0.17.0 2008.11.19 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.22 -
F-Prot 4.4.4.56 2008.11.21 -
F-Secure 8.0.14332.0 2008.11.22 -
Fortinet 3.117.0.0 2008.11.22 -
GData 19 2008.11.22 -
Ikarus T3.1.1.45.0 2008.11.22 -
K7AntiVirus 7.10.530 2008.11.21 -
Kaspersky 7.0.0.125 2008.11.22 -
McAfee 5441 2008.11.21 -
McAfee+Artemis 5441 2008.11.21 -
Microsoft 1.4104 2008.11.22 -
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.21 -
Panda 9.0.0.4 2008.11.22 -
PCTools 4.4.2.0 2008.11.21 -
Prevx1 V2 2008.11.22 -
Rising 21.04.52.00 2008.11.22 -
SecureWeb-Gateway 6.7.6 2008.11.22 -
Sophos 4.35.0 2008.11.22 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.22 -
TheHacker 6.3.1.1.159 2008.11.19 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.21 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.21 -
C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění/winword.exe appears on the PC as a shortcut 603 bytes in size
c:\windows\system32\dmserver.VVVVVVVVVdll - the antivirus did not like this file and it was deleted
c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe - not found
jaro3 (Security team member, Guru Level 15)
Re: please check my log
Find and delete:
C:\Documents and Settings\Doma\Nabídka Start\Programy\Po spuštění/winword.exe appears on the PC as a shortcut 603 bytes in size
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Note: do not use SELECT ALL to select the script.
Code:
File::
c:\windows\system32\winword.exe
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the CFScript.txt script you created onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process.
Re: please check my log
ComboFix 08-11-21.05 - Doma 2008-11-22 13:40:40.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.195 [GMT 1:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-22 do 2008-11-22 )))))))))))))))))))))))))))))))
.
2097-10-19 05:58 . 2097-10-19 05:58 3,120 --a------ c:\windows\.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C432.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C426.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C421.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C420.lfa
2013-04-08 17:48 . 2006-07-30 11:00 12 --a------ c:\windows\system32\mapisvc.inf
2008-11-12 12:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\cs
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\bits
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\l2schemas
2008-10-29 09:08 . 2008-10-29 09:08 <DIR> d-------- c:\documents and settings\Doma\.traviaut
2008-10-27 15:12 . 2008-10-27 15:12 <DIR> d-------- c:\program files\Mahjong_Match
2008-10-27 15:01 . 2008-10-27 15:01 <DIR> d-------- c:\program files\The_Great_Indian_Quest
2008-10-26 08:02 . 2008-10-26 18:54 <DIR> d-------- c:\program files\Jewel of Atlantis.exe
2008-10-26 07:59 . 2008-11-22 09:11 <DIR> d-------- c:\program files\temp
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Plugins
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\ocr
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Data
2008-10-26 07:58 . 2008-10-26 08:00 <DIR> d-------- c:\program files\Pyramid Bloxx.exe
2008-10-24 13:57 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:38 --------- d-----w c:\program files\FlashGet
2008-11-22 12:36 --------- d-----w c:\documents and settings\Doma\Data aplikací\Skype
2008-11-22 11:19 --------- d-----w c:\program files\GamesBar
2008-11-22 11:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\GamesBar
2008-11-22 07:00 --------- d-----w c:\documents and settings\Doma\Data aplikací\skypePM
2008-11-21 19:55 --------- d-----w c:\program files\QBeez 2
2008-11-18 14:51 --------- d-----w c:\program files\Jewel Quest II
2008-11-05 16:33 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-10-30 21:14 --------- d-----w c:\program files\Mystical Mahjong
2008-10-27 22:47 --------- d-----w c:\program files\GameSpy Arcade
2008-10-27 22:46 --------- d-----w c:\program files\IncrediGames
2008-10-27 22:42 --------- d-----w c:\program files\Jewel Of Atlantis
2008-10-25 12:11 --------- d-----w c:\documents and settings\Doma\Data aplikací\BSplayer
2008-10-25 12:03 --------- d-----w c:\program files\FDRLab
2008-10-24 16:52 --------- d-----w c:\documents and settings\Doma\Data aplikací\ICQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:22 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-10-16 10:56 1,960,448 ----a-w c:\windows\system32\winword.exe
2008-10-15 16:10 --------- d-----w c:\program files\Crime Puzzle
2008-10-13 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2008-10-13 13:07 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 13:07 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 13:07 --------- d-----w c:\program files\OpenAL
2008-10-13 13:06 --------- d-----w c:\program files\Oberon Media
2008-10-12 15:34 --------- d-----w c:\program files\Zuma Deluxe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 13:27 --------- d-----w c:\program files\FunPause Fairies
2008-09-24 13:50 --------- d-----w c:\program files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-29 20:12 44 ----a-w c:\program files\mjf_drm1.txt
2006-05-31 20:30 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 11:03 32 ----a-r c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F97096-B265-471c-88D9-E7F8F2085673}]
2006-08-23 08:01 495616 --a------ c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{126A8696-7EB7-4a2b-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 13:45:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
PROCES: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2008-11-22 13:48:02
ComboFix-quarantined-files.txt 2008-11-22 12:47:09
ComboFix2.txt 2008-11-22 07:41:37
Před spuštěním: 9 974 493 184
Po spuštění: 9,967,009,792
178 --- E O F --- 2008-11-12 17:16:35
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 13:45:04
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
PROCES: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2008-11-22 13:48:02
ComboFix-quarantined-files.txt 2008-11-22 12:47:09
ComboFix2.txt 2008-11-22 07:41:37
Před spuštěním: 9 974 493 184
Po spuštění: 9,967,009,792
178 --- E O F --- 2008-11-12 17:16:35
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
Re: please check my log
Apologies, I have just corrected an error in the script (File instead of Files).
So try it again..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
ComboFix 08-11-21.05 - Doma 2008-11-22 14:03:18.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\system32\winword.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Kit & Ellis\data\backs\1\dop\Desktop_.ini
c:\program files\Kit & Ellis\data\help\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\map\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\torch\Desktop_.ini
c:\windows\system32\winword.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-22 do 2008-11-22 )))))))))))))))))))))))))))))))
.
2097-10-19 05:58 . 2097-10-19 05:58 3,120 --a------ c:\windows\.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C432.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C426.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C421.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C420.lfa
2013-04-08 17:48 . 2006-07-30 11:00 12 --a------ c:\windows\system32\mapisvc.inf
2008-11-12 12:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\cs
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\bits
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\l2schemas
2008-10-29 09:08 . 2008-10-29 09:08 <DIR> d-------- c:\documents and settings\Doma\.traviaut
2008-10-27 15:12 . 2008-10-27 15:12 <DIR> d-------- c:\program files\Mahjong_Match
2008-10-27 15:01 . 2008-10-27 15:01 <DIR> d-------- c:\program files\The_Great_Indian_Quest
2008-10-26 08:02 . 2008-10-26 18:54 <DIR> d-------- c:\program files\Jewel of Atlantis.exe
2008-10-26 07:59 . 2008-11-22 09:11 <DIR> d-------- c:\program files\temp
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Plugins
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\ocr
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Data
2008-10-26 07:58 . 2008-10-26 08:00 <DIR> d-------- c:\program files\Pyramid Bloxx.exe
2008-10-24 13:57 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:38 --------- d-----w c:\program files\FlashGet
2008-11-22 12:36 --------- d-----w c:\documents and settings\Doma\Data aplikací\Skype
2008-11-22 11:19 --------- d-----w c:\program files\GamesBar
2008-11-22 11:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\GamesBar
2008-11-22 07:00 --------- d-----w c:\documents and settings\Doma\Data aplikací\skypePM
2008-11-21 19:55 --------- d-----w c:\program files\QBeez 2
2008-11-18 14:51 --------- d-----w c:\program files\Jewel Quest II
2008-11-05 16:33 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-10-30 21:14 --------- d-----w c:\program files\Mystical Mahjong
2008-10-27 22:47 --------- d-----w c:\program files\GameSpy Arcade
2008-10-27 22:46 --------- d-----w c:\program files\IncrediGames
2008-10-27 22:42 --------- d-----w c:\program files\Jewel Of Atlantis
2008-10-25 12:11 --------- d-----w c:\documents and settings\Doma\Data aplikací\BSplayer
2008-10-25 12:03 --------- d-----w c:\program files\FDRLab
2008-10-24 16:52 --------- d-----w c:\documents and settings\Doma\Data aplikací\ICQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:22 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-10-15 16:10 --------- d-----w c:\program files\Crime Puzzle
2008-10-13 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2008-10-13 13:07 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 13:07 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 13:07 --------- d-----w c:\program files\OpenAL
2008-10-13 13:06 --------- d-----w c:\program files\Oberon Media
2008-10-12 15:34 --------- d-----w c:\program files\Zuma Deluxe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 13:27 --------- d-----w c:\program files\FunPause Fairies
2008-09-24 13:50 --------- d-----w c:\program files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-29 20:12 44 ----a-w c:\program files\mjf_drm1.txt
2006-05-31 20:30 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 11:03 32 ----a-r c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F97096-B265-471c-88D9-E7F8F2085673}]
2006-08-23 08:01 495616 --a------ c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{126A8696-7EB7-4a2b-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 14:05:52
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
PROCES: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2008-11-22 14:08:02
ComboFix-quarantined-files.txt 2008-11-22 13:07:04
ComboFix2.txt 2008-11-22 12:48:04
ComboFix3.txt 2008-11-22 07:41:37
Před spuštěním: 9 945 903 104
Po spuštění: 9,933,688,832
189 --- E O F --- 2008-11-12 17:16:35
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.298 [GMT 1:00]
Spuštěný z: c:\documents and settings\Doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Doma\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
FILE ::
c:\windows\system32\winword.exe
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Kit & Ellis\data\backs\1\dop\Desktop_.ini
c:\program files\Kit & Ellis\data\help\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\map\Desktop_.ini
c:\program files\Kit & Ellis\data\menu\torch\Desktop_.ini
c:\windows\system32\winword.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-10-22 do 2008-11-22 )))))))))))))))))))))))))))))))
.
2097-10-19 05:58 . 2097-10-19 05:58 3,120 --a------ c:\windows\.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C432.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C426.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C421.lfa
2097-10-03 16:19 . 2097-10-03 16:19 3,120 --a------ c:\windows\MF_C420.lfa
2013-04-08 17:48 . 2006-07-30 11:00 12 --a------ c:\windows\system32\mapisvc.inf
2008-11-12 12:16 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 12:15 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\cs
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\system32\bits
2008-10-30 18:31 . 2008-10-30 18:31 <DIR> d-------- c:\windows\l2schemas
2008-10-29 09:08 . 2008-10-29 09:08 <DIR> d-------- c:\documents and settings\Doma\.traviaut
2008-10-27 15:12 . 2008-10-27 15:12 <DIR> d-------- c:\program files\Mahjong_Match
2008-10-27 15:01 . 2008-10-27 15:01 <DIR> d-------- c:\program files\The_Great_Indian_Quest
2008-10-26 08:02 . 2008-10-26 18:54 <DIR> d-------- c:\program files\Jewel of Atlantis.exe
2008-10-26 07:59 . 2008-11-22 09:11 <DIR> d-------- c:\program files\temp
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Plugins
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\ocr
2008-10-26 07:58 . 2008-10-26 07:58 <DIR> d-------- c:\windows\system32\Data
2008-10-26 07:58 . 2008-10-26 08:00 <DIR> d-------- c:\program files\Pyramid Bloxx.exe
2008-10-24 13:57 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-22 12:38 --------- d-----w c:\program files\FlashGet
2008-11-22 12:36 --------- d-----w c:\documents and settings\Doma\Data aplikací\Skype
2008-11-22 11:19 --------- d-----w c:\program files\GamesBar
2008-11-22 11:19 --------- d-----w c:\documents and settings\All Users\Data aplikací\GamesBar
2008-11-22 07:00 --------- d-----w c:\documents and settings\Doma\Data aplikací\skypePM
2008-11-21 19:55 --------- d-----w c:\program files\QBeez 2
2008-11-18 14:51 --------- d-----w c:\program files\Jewel Quest II
2008-11-05 16:33 45,056 ----a-w c:\windows\NCUNINST.EXE
2008-10-30 21:14 --------- d-----w c:\program files\Mystical Mahjong
2008-10-27 22:47 --------- d-----w c:\program files\GameSpy Arcade
2008-10-27 22:46 --------- d-----w c:\program files\IncrediGames
2008-10-27 22:42 --------- d-----w c:\program files\Jewel Of Atlantis
2008-10-25 12:11 --------- d-----w c:\documents and settings\Doma\Data aplikací\BSplayer
2008-10-25 12:03 --------- d-----w c:\program files\FDRLab
2008-10-24 16:52 --------- d-----w c:\documents and settings\Doma\Data aplikací\ICQ
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 13:22 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2008-10-15 16:10 --------- d-----w c:\program files\Crime Puzzle
2008-10-13 19:39 --------- d-----w c:\documents and settings\All Users\Data aplikací\BigFishGamesCache
2008-10-13 13:07 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-10-13 13:07 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-10-13 13:07 --------- d-----w c:\program files\OpenAL
2008-10-13 13:06 --------- d-----w c:\program files\Oberon Media
2008-10-12 15:34 --------- d-----w c:\program files\Zuma Deluxe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 13:27 --------- d-----w c:\program files\FunPause Fairies
2008-09-24 13:50 --------- d-----w c:\program files\ICQ6
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-06-29 20:12 44 ----a-w c:\program files\mjf_drm1.txt
2006-05-31 20:30 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-03-15 11:03 32 ----a-r c:\documents and settings\All Users\hash.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90F97096-B265-471c-88D9-E7F8F2085673}]
2006-08-23 08:01 495616 --a------ c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{126A8696-7EB7-4a2b-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{126A8696-7EB7-4A2B-A651-A49A094E0FDD}"= "c:\program files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll" [2006-08-23 495616]
[HKEY_CLASSES_ROOT\clsid\{126a8696-7eb7-4a2b-a651-a49a094e0fdd}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{E70625C5-512B-4ada-9A5D-1B6895AD5AA2}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2007-04-08 204843]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ICQ"="c:\program files\ICQ6\ICQ.exe" [2008-09-01 173304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-07-30 921600]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-14 180269]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"Flashget"="c:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Warcraft III\\Warcraft III.exe"=
"c:\\Hry\\Warcraft III\\War3.exe"=
"c:\\Program Files\\GameHouse\\BounceOut\\BounceOut.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Games\\Paintball2\\paintball2.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Hry\\F.E.A.R. Combat\\FEARMP.exe"=
"c:\\Hry\\g3torrent\\g3torrent.exe"=
"c:\\Documents and Settings\\Doma\\Dokumenty\\mIRC\\mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Hry\\Heroes 3\\HEROES3.EXE"=
"c:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\Hry\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12560:TCP"= 12560:TCP:BitComet 12560 TCP
"12560:UDP"= 12560:UDP:BitComet 12560 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2005-08-11 2368]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\DRIVERS\psched.sys [2001-10-25 69120]
S3 AME;PC Camera(6029 CIF);c:\windows\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Doma\LOCALS~1\Temp\asbp2poa.sys []
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2008-08-08 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2008-08-08 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2008-08-08 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2008-08-08 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2008-08-08 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2008-08-08 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2008-08-08 97704]
S4 hpt3xx;hpt3xx; []
*Newly Created Service* - CATCHME
.
Obsah adresáře 'Naplánované úlohy'
2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-10-24 17:54]
2008-11-22 c:\windows\Tasks\AE26464C93ADFD30.job
- c:\docume~1\doma\dataap~1\armyba~1\SOFTWARE BITS LIVE.exe []
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-22 14:05:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Eset\pr_imon.dll
.
Completion time: 2008-11-22 14:08:02
ComboFix-quarantined-files.txt 2008-11-22 13:07:04
ComboFix2.txt 2008-11-22 12:48:04
ComboFix3.txt 2008-11-22 07:41:37
Pre-Run: 9,945,903,104
Post-Run: 9,933,688,832
189 --- E O F --- 2008-11-12 17:16:35
Re: please check my log
Oh well... I have to leave for Brno... I hope everything is sorted out (or at least most of it). Thanks for the help.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: please check my log
It's gone. When you get back, post one more fresh HJT log.
When working with HJT, ComboFix, MbAM, SDFix and similar tools, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: please check my log
here is the new log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:24, on 7.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Drag Racer Toolbar Helper - {90F97096-B265-471c-88D9-E7F8F2085673} - C:\Program Files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Drag Racer Toolbar - {126A8696-7EB7-4a2b-A651-A49A094E0FDD} - C:\Program Files\Drag Racer Toolbar\v2.0.0.3\Drag_Racer_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\4427\toolbaru.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Documents and Settings\Doma\Plocha\Roman\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/chainz ... uncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumble ... axhost.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.shockwave.com/content/davinc ... ontrol.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://player.virtools.com/downloads/pl ... taller.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://iplay.oberon-media.com/Gameshell ... meHost.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.incredigames.com/online2/gol ... dfever.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 9452 bytes
- jaro3 (Security team member)
Re: please check my log
You can uninstall:
ICQ Toolbar
MYWEBSEARCH
Fix in HJT:
Code:
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRman000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc.: download > run
Update Java:
Java SE Runtime Environment 6u11
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.