Hi, I have a big problem with my drives: they won't open. I read a few threads here where this was already dealt with, but I'd rather start a new thread to keep things tidy.
It gives the same error, it can't find RECYCLER.......
Following the guide here, I have this logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:00, on 10.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\mio active\wcescomm.exe
F:\ROSTA\FRAPS1\FRAPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
D:\MIOACT~1\rapimgr.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
F:\Rosta\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead 11\uvPL.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Rosta\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\mio active\wcescomm.exe"
O4 - HKCU\..\Run: [RGSC] F:\Hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Fraps] F:\ROSTA\FRAPS1\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43AAD319-DF8B-4679-86D4-AB5755ED87C0}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4AE9CBE-10F0-4F8A-9E8A-9192D19478A2}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 7201 bytes
I've already run it through Malwarebytes' Anti-Malware too, but I don't know whether I should post that here yet. PLEASE advise, thanks a lot in advance.
Thread: Drives won't open
jaro3 (Security team member)
Re: Drives won't open
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. While I'm away, memphisto, Žbeky and Orcus are standing in for me.
If you are satisfied, you can support our forum: Forum support
Original poster
Re: Drives won't open
I'd already done this, I just didn't know whether I should post it here, so here it is:
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2
10.2.2009 14:22:51
mbam-log-2009-02-10 (14-22-46).txt
Scan type: Quick Scan
Objects scanned: 54700
Time elapsed: 2 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{43aad319-df8b-4679-86d4-ab5755ed87c0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{43aad319-df8b-4679-86d4-ab5755ed87c0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{43aad319-df8b-4679-86d4-ab5755ed87c0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c4ae9cbe-10f0-4f8a-9e8a-9192d19478a2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> No action taken.
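As an added example (not code from this thread or from any of the tools it mentions), the following Python script applies the two checks that matter in the logs posted above: it flags NameServer entries, whether from HijackThis O17 lines or from MBAM "Registry Data Items Infected" lines, whose resolvers fall inside the rogue ranges published for the DNSChanger operation (85.255.112.0/20 is the range that covers the 85.255.112.39/.40 pair seen here), and it labels drive-root autorun.inf files and the fake-SID RECYCLER\S-...com droppers of the kind the ComboFix log later in this thread lists. The sample log lines are constructed from this thread's logs; the range list, the regexes and the label names are this example's own assumptions, not any tool's output.

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Rogue resolver ranges published by the DNS Changer Working Group / FBI for the
# Rove Digital "DNSChanger" operation (assumed list; 85.255.112.0/20 is the one
# that covers the 85.255.112.39,85.255.112.40 pair in this thread's logs).
DNSCHANGER_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",
    "67.210.0.0/20",
    "93.188.160.0/21",
    "77.67.83.0/24",
    "213.109.64.0/20",
    "64.28.176.0/20",
)]

# Matches the comma-separated IPv4 list that follows "NameServer" on both a
# HijackThis O17 line ("... NameServer = a,b") and an MBAM registry-data line
# ("...\NameServer (Trojan.DNSChanger) -> Data: a,b -> ...").
_NS_RE = re.compile(
    r"NameServer\b.*?((?:\d{1,3}\.){3}\d{1,3}(?:,(?:\d{1,3}\.){3}\d{1,3})*)"
)

# Autorun worms of this era drop a *file* named like a SID with a .com extension
# under RECYCLER on every drive, plus an autorun.inf at the drive root that runs
# it. A legitimate recycle-bin entry is a directory named S-1-5-21-..., never a
# .com file with random SID-like numbers such as S-6-3-50-... .
_FAKE_SID_COM_RE = re.compile(r"^[a-z]:\\recycler\\S-\d+(?:-\d+)+\.com$", re.I)
_ROOT_AUTORUN_RE = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)


def rogue_nameservers(line: str) -> List[str]:
    """Return the resolver IPs on a NameServer log line that sit in a rogue range."""
    m = _NS_RE.search(line)
    if not m:
        return []
    hits = []
    for ip_text in m.group(1).split(","):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:          # e.g. "999.1.1.1" slipped through the regex
            continue
        if any(ip in net for net in DNSCHANGER_RANGES):
            hits.append(ip_text)
    return hits


def classify_path(path: str) -> Optional[str]:
    """Label a path from a ComboFix 'Other Deletions' list, or None if uninteresting."""
    if _FAKE_SID_COM_RE.match(path):
        return "autorun-worm-payload"   # assumed label name
    if _ROOT_AUTORUN_RE.match(path):
        return "autorun-inf"            # assumed label name
    return None


def triage(lines) -> Dict[str, Dict[str, object]]:
    """Run both checks over raw log lines and collect the findings by line."""
    rogue: Dict[str, List[str]] = {}
    autorun: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        ips = rogue_nameservers(line)
        if ips:
            rogue[line] = ips
            continue
        label = classify_path(line)
        if label:
            autorun[line] = label
    return {"rogue_dns": rogue, "autorun": autorun}


# Constructed sample: one HJT O17 line and one MBAM line copied from this thread,
# one benign O17 line pointing at a home router, and a few ComboFix deletions.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{43AAD319-DF8B-4679-86D4-AB5755ED87C0}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
C:\autorun.inf
c:\recycler\S-6-3-50-100012075-100004772-100030887-9906.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxakbwlyqa.sys
""".strip().splitlines()

if __name__ == "__main__":
    for kind, found in triage(SAMPLE_LOG).items():
        print(kind)
        for line, what in found.items():
            print("  ", what, "<-", line)
```

Note that the check is deliberately applied to every ControlSet the log mentions, not only CurrentControlSet: the MBAM log above shows the rogue resolvers in ControlSet002 and ControlSet003 as well, so cleaning CurrentControlSet alone would leave a copy to come back via Last Known Good. The system32\AutoRun.inf line is left unlabelled on purpose; only a drive-root autorun.inf is honoured by the shell.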
jaro3 (Security team member)
Re: Drives won't open
So run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be shown; post it here.
- then choose OK in the program and exit it via Exit
You can then paste the MbAM log here.
Afterwards:
Turn off the resident protection in NOD32.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use will be shown; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is working, don't click into the window it shows
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Original poster
Re: Drives won't open
When I turned off the resident protection my PC crashed; it threw up the blue screen, something about dumping physical memory... it had to be shut down, otherwise damage would occur etc. So can I turn NOD off completely?
jaro3 (Security team member)
Re: Drives won't open
Deactivate NOD32. If ComboFix won't run in normal mode, you can run it in Safe Mode.
Original poster
Re: Drives won't open
ComboFix 09-02-08.02 - doma 2009-02-10 18:18:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1690 [GMT 1:00]
Running from: c:\documents and settings\doma\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\doma\Nabídka Start\Programy\coolplay
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-6-3-50-100012075-100004772-100030887-9906.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxakbwlyqa.sys
c:\windows\system32\drivers\gaopdxbprmobvk.sys
c:\windows\system32\drivers\gaopdxdoeilero.sys
c:\windows\system32\drivers\gaopdxehpxxmix.sys
c:\windows\system32\drivers\gaopdxfgecmapq.sys
c:\windows\system32\drivers\gaopdxgwlheubd.sys
c:\windows\system32\drivers\gaopdxkoxufadl.sys
c:\windows\system32\drivers\gaopdxnlfcxold.sys
c:\windows\system32\drivers\gaopdxsjpylpst.sys
c:\windows\system32\drivers\gaopdxxhqbmlni.sys
c:\windows\system32\drivers\gaopdxyahpkjus.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxgtpiyhnv.dll
D:\Autorun.inf
d:\recycler\S-0-0-88-100027177-100031667-100023557-4071.com
d:\recycler\S-1-2-13-100022050-100011090-100029345-9579.com
d:\recycler\S-1-4-21-100004662-100001485-100021909-2554.com
d:\recycler\S-1-4-61-100017208-100010145-100014534-1321.com
d:\recycler\S-2-1-71-100011774-100025134-100001830-4273.com
d:\recycler\S-2-2-54-100002519-100029140-100018767-5659.com
d:\recycler\S-2-7-23-100009972-100012335-100024067-8215.com
d:\recycler\S-3-1-14-100029448-100028363-100012423-4591.com
d:\recycler\S-3-8-61-100025970-100018480-100018562-9661.com
d:\recycler\S-4-0-83-100020072-100023039-100002529-2043.com
d:\recycler\S-4-2-32-100023882-100018892-100027613-6011.com
d:\recycler\S-4-6-67-100031977-100029957-100002413-1233.com
d:\recycler\S-4-7-49-100012360-100019277-100015348-2900.com
d:\recycler\S-5-2-22-100028967-100010610-100014612-1764.com
d:\recycler\S-5-4-74-100030934-100002744-100016283-6181.com
d:\recycler\S-6-1-11-100032464-100002797-100019709-2782.com
d:\recycler\S-6-3-50-100012075-100004772-100030887-9906.com
d:\recycler\S-7-9-98-100006357-100016344-100012014-7938.com
d:\recycler\S-8-5-28-100005041-100010307-100021536-2904.com
d:\recycler\S-9-0-87-100029776-100011243-100000054-1920.com
d:\recycler\S-9-5-15-100017526-100006848-100029703-3017.com
F:\Autorun.inf
f:\recycler\S-0-0-88-100027177-100031667-100023557-4071.com
f:\recycler\S-1-2-13-100022050-100011090-100029345-9579.com
f:\recycler\S-1-4-21-100004662-100001485-100021909-2554.com
f:\recycler\S-1-4-61-100017208-100010145-100014534-1321.com
f:\recycler\S-2-1-71-100011774-100025134-100001830-4273.com
f:\recycler\S-2-2-54-100002519-100029140-100018767-5659.com
f:\recycler\S-2-7-23-100009972-100012335-100024067-8215.com
f:\recycler\S-3-1-14-100029448-100028363-100012423-4591.com
f:\recycler\S-3-8-61-100025970-100018480-100018562-9661.com
f:\recycler\S-4-0-83-100020072-100023039-100002529-2043.com
f:\recycler\S-4-2-32-100023882-100018892-100027613-6011.com
f:\recycler\S-4-6-67-100031977-100029957-100002413-1233.com
f:\recycler\S-4-7-49-100012360-100019277-100015348-2900.com
f:\recycler\S-5-2-22-100028967-100010610-100014612-1764.com
f:\recycler\S-5-4-74-100030934-100002744-100016283-6181.com
f:\recycler\S-6-1-11-100032464-100002797-100019709-2782.com
f:\recycler\S-6-3-50-100012075-100004772-100030887-9906.com
f:\recycler\S-7-9-98-100006357-100016344-100012014-7938.com
f:\recycler\S-8-5-28-100005041-100010307-100021536-2904.com
f:\recycler\S-9-0-87-100029776-100011243-100000054-1920.com
f:\recycler\S-9-5-15-100017526-100006848-100029703-3017.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-06 22:06 . 2009-02-10 17:47 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 22:05 . 2009-02-10 17:47 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-04 12:51 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-02-04 12:51 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-02-04 12:51 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-02-04 12:51 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-02-04 12:51 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-02-04 12:51 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-31 22:36 . 2009-02-02 17:41 21,052 --a----t- c:\windows\system32\SIntfNT.dll
2009-01-31 22:36 . 2009-02-02 17:41 15,144 --a----t- c:\windows\system32\SIntf32.dll
2009-01-31 22:36 . 2009-02-02 17:41 12,067 --a----t- c:\windows\system32\SIntf16.dll
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-30 21:39 . 2008-07-01 12:43 211 --ahs---- C:\BOOT.BKK
2009-01-30 21:36 . 2009-01-30 21:36 <DIR> d-------- c:\program files\TGTSoft
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:00 . 2009-01-30 21:00 <DIR> d-------- c:\windows\Logs
2009-01-30 21:00 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-30 21:00 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-30 21:00 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-30 21:00 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-30 21:00 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-30 21:00 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-30 21:00 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-23 22:38 . 2009-01-23 22:38 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2009-01-23 13:36 . 2009-01-23 13:36 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-17 20:25 . 2009-01-17 20:28 153,174 --a------ c:\windows\HPHins15.dat
2009-01-17 20:25 . 2007-08-28 07:45 2,828 --------- c:\windows\hphmdl15.dat
2009-01-17 12:36 . 2009-01-17 12:36 256 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:02 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 13:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 18:10 22,463 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-06 21:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-23 21:38 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-14 16:30 12,208 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-30 08:27 --------- d-s---w c:\program files\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-27 13:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Test Drive Unlimited
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 11:45 --------- d-----w c:\program files\JetAudio
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-25 18:33 --------- d-----w c:\program files\Webteh
2008-12-25 18:33 --------- d-----w c:\program files\BSPlayer
2008-12-24 21:43 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 19:51 --------- d-----w c:\program files\MSBuild
2008-12-24 19:49 --------- d-----w c:\program files\Reference Assemblies
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-23 20:42 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 20:42 --------- d-----w c:\program files\AGEIA Technologies
2008-12-15 15:01 --------- d-----w c:\program files\Skype
2008-12-15 15:01 --------- d-----w c:\program files\Common Files\Skype
2008-12-15 15:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-10 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\HP
2008-11-27 16:32 3,022 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-24 19:08 403,232 ----a-w c:\windows\Mazda6 MPS.scr
2008-11-24 19:08 30,208 ----a-w c:\windows\mickey32.dll
2008-11-24 19:08 3,534,222 ----a-w c:\windows\Mazda6 MPS.exe
2008-11-24 19:07 403,232 ----a-w c:\windows\Mazda - DISI.scr
2008-11-24 19:07 1,350,889 ----a-w c:\windows\Mazda - DISI.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"H/PC Connection Agent"="d:\mio active\wcescomm.exe" [2006-06-21 1211176]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Fraps"="f:\rosta\FRAPS1\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-30 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-16 155648]
"UVS11 Preload"="f:\ulead 11\uvPL.exe" [2007-03-03 341488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\doma\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-15 1208320]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-07-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\mio active\rapimgr.exe"= d:\mio active\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\mio active\wcescomm.exe"= d:\mio active\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\mio active\WCESMgr.exe"= d:\mio active\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Rosta\\CoD4\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\Hry\\Test driver\\TestDriveUnlimited.exe"=
"f:\\Rosta\\HLSW\\hlsw.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaWmp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-07-01 210224]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe --> c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-08-15 22640]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-RGSC - f:\hry\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.servis24.cz/
LSP: c:\windows\System32\imon.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\6uj5zjnu.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:24:17
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,76,ab,4f,20,85,e2,c9,46,57,1e,1c,48,cc,76,1d,ec,83,be,37,d5,
37,44,96,49,3f,5c,e5,7e,f1,08,ff,b2,3d,8b,47,20,22,d8,4c,67,ea,21,c7,35,11,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b8,85,bc,e2,c2,
a4,37,1b,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,27,5d,d5,2c,0c,
28,24,16,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,75,b5,94,a9,af,
70,2c,8c,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,eb,da,ae,d2,54,
a7,88,7d,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,58,d7,74,13,e9,
56,3e,42,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,cd,d7,94,18,cb,
0c,e0,0d,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d0,9d,e9,35,62,
c3,57,ef,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,88,1c,a1,07,5d,
41,59,17,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,de,da,e1,cb,92,
b7,c3,e0,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,3b,2b,bd,df,63,
35,0e,b6,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b3,f0,86,4d,e2,
35,20,d4,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a6,b7,47,02,b5,
34,ce,c5,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1008)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2009-02-10 18:26:39
ComboFix-quarantined-files.txt 2009-02-10 17:26:35
Před spuštěním: 9,327,910,912
Po spuštění: 9,391,632,384
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
jaro3 (Security team member)
Re: Drives won't open
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Copy the following entire text highlighted in green into it:
Note: do not use SELECT ALL to select the script
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Test these on VirusTotal:
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
Then paste the result links here.
When working with HJT, ComboFix, MBAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
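The reply above asks for a fresh HijackThis log, and reading that log is the next step on a thread like this. As an added example that is not part of the thread and not code from HijackThis or ComboFix, here is a small Python triage script for HJT v2.0.2 log lines; the sample log inside it is constructed (modelled on the log posted in this thread, with the truncated O16 URL replaced by a placeholder), and its flags are review hints for a human, not verdicts.

```python
"""Triage of HijackThis v2.0.2 log lines.

Added example for this thread, not code from the forum or from HijackThis.
It parses the `Oxx - ...` entries and the "Running processes:" block and
flags the entry types a helper looks at first: O17 DNS overrides, O23
services whose binary is missing or whose owner is unknown, startup links
HJT could not resolve, and O16 downloaded ActiveX controls.
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample in HJT v2.0.2 format, modelled on the log in this thread.
# The O16 URL is a placeholder; the original post shows it truncated.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:43, on 10.2.2009
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\Program Files\\Opera\\opera.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.servis24.cz/
O4 - HKLM\\..\\Run: [nod32kui] "C:\\Program Files\\Eset\\nod32kui.exe" /WAITSERVICE
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://example.invalid/placeholder.cab
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.39,85.255.112.40
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\\WINDOWS\\system32\\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4ss.exe (file missing)
--
End of file - 6261 bytes
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")      # "O23 - Service: ..."
NAMESERVER_RE = re.compile(r"NameServer = ([0-9.,]+)")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")         # process list lines


@dataclass
class Finding:
    code: str        # HJT section code, e.g. "O17"
    severity: str    # "high" = check first, "info" = worth a look
    reason: str
    entry: str


@dataclass
class HjtLog:
    processes: List[str] = field(default_factory=list)
    entries: List[Tuple[str, str]] = field(default_factory=list)


def parse_hjt_log(text: str) -> HjtLog:
    """Split an HJT log into the running-process list and (code, body) entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first Rx/Ox entry ends the process list
            log.entries.append((m.group(1), m.group(2)))
        elif in_processes and DRIVE_PATH_RE.match(line):
            log.processes.append(line)
    return log


def triage(log: HjtLog) -> List[Finding]:
    """Apply the review heuristics; returns high-severity findings first."""
    findings: List[Finding] = []
    for code, body in log.entries:
        if code == "O17":
            m = NAMESERVER_RE.search(body)
            servers = m.group(1).split(",") if m else []
            findings.append(Finding(code, "high",
                "DNS servers set in the registry: " + ", ".join(servers)
                + " (confirm they are the ISP's or DHCP-assigned ones)", body))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(code, "high",
                "service entry whose binary no longer exists", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "info",
                "service without a vendor string; verify the file", body))
        elif code == "O4" and body.endswith("= ?"):
            findings.append(Finding(code, "info",
                "startup link whose target HJT could not resolve", body))
        elif code == "O16":
            findings.append(Finding(code, "info",
                "downloaded ActiveX control (DPF); check the source", body))
    order = {"high": 0, "info": 1}
    findings.sort(key=lambda f: order[f.severity])   # stable: keeps log order within a level
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt_log(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.code}: {f.reason}\n    {f.entry}")
```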
- Level 1
- Posts: 91
- Registered: February 09
Re: Drives won't open
ComboFix 09-02-08.02 - doma 2009-02-10 19:30:45.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1606 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
* Resident AV is active
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-10 do 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-06 22:06 . 2009-02-10 17:47 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 22:05 . 2009-02-10 17:47 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-04 12:51 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-02-04 12:51 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-02-04 12:51 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-02-04 12:51 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-02-04 12:51 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-02-04 12:51 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-31 22:36 . 2009-02-02 17:41 21,052 --a----t- c:\windows\system32\SIntfNT.dll
2009-01-31 22:36 . 2009-02-02 17:41 15,144 --a----t- c:\windows\system32\SIntf32.dll
2009-01-31 22:36 . 2009-02-02 17:41 12,067 --a----t- c:\windows\system32\SIntf16.dll
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-30 21:39 . 2008-07-01 12:43 211 --ahs---- C:\BOOT.BKK
2009-01-30 21:36 . 2009-01-30 21:36 <DIR> d-------- c:\program files\TGTSoft
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:00 . 2009-01-30 21:00 <DIR> d-------- c:\windows\Logs
2009-01-30 21:00 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-30 21:00 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-30 21:00 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-30 21:00 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-30 21:00 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-30 21:00 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-30 21:00 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-23 22:38 . 2009-01-23 22:38 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2009-01-23 13:36 . 2009-01-23 13:36 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-17 20:25 . 2009-01-17 20:28 153,174 --a------ c:\windows\HPHins15.dat
2009-01-17 20:25 . 2007-08-28 07:45 2,828 --------- c:\windows\hphmdl15.dat
2009-01-17 12:36 . 2009-01-17 12:36 256 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:02 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 13:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 18:10 22,463 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-06 21:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-23 21:38 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-14 16:30 12,208 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-30 08:27 --------- d-s---w c:\program files\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-27 13:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Test Drive Unlimited
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 11:45 --------- d-----w c:\program files\JetAudio
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-25 18:33 --------- d-----w c:\program files\Webteh
2008-12-25 18:33 --------- d-----w c:\program files\BSPlayer
2008-12-24 21:43 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 19:51 --------- d-----w c:\program files\MSBuild
2008-12-24 19:49 --------- d-----w c:\program files\Reference Assemblies
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-23 20:42 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 20:42 --------- d-----w c:\program files\AGEIA Technologies
2008-12-15 15:01 --------- d-----w c:\program files\Skype
2008-12-15 15:01 --------- d-----w c:\program files\Common Files\Skype
2008-12-15 15:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-10 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\HP
2008-11-27 16:32 3,022 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-24 19:08 403,232 ----a-w c:\windows\Mazda6 MPS.scr
2008-11-24 19:08 30,208 ----a-w c:\windows\mickey32.dll
2008-11-24 19:08 3,534,222 ----a-w c:\windows\Mazda6 MPS.exe
2008-11-24 19:07 403,232 ----a-w c:\windows\Mazda - DISI.scr
2008-11-24 19:07 1,350,889 ----a-w c:\windows\Mazda - DISI.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"H/PC Connection Agent"="d:\mio active\wcescomm.exe" [2006-06-21 1211176]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Fraps"="f:\rosta\FRAPS1\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-30 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-16 155648]
"UVS11 Preload"="f:\ulead 11\uvPL.exe" [2007-03-03 341488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\doma\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-15 1208320]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-07-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\mio active\rapimgr.exe"= d:\mio active\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\mio active\wcescomm.exe"= d:\mio active\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\mio active\WCESMgr.exe"= d:\mio active\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Rosta\\CoD4\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\Hry\\Test driver\\TestDriveUnlimited.exe"=
"f:\\Rosta\\HLSW\\hlsw.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaWmp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-07-01 210224]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe --> c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-08-15 22640]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.servis24.cz/
LSP: c:\windows\System32\imon.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\6uj5zjnu.default\
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 19:34:57
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1292428093-1960408961-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,76,ab,4f,20,85,e2,c9,46,57,1e,1c,48,cc,76,1d,ec,83,be,37,d5,
37,44,96,49,3f,5c,e5,7e,f1,08,ff,b2,3d,8b,47,20,22,d8,4c,67,ea,21,c7,35,11,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,b8,85,bc,e2,c2,
a4,37,1b,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,27,5d,d5,2c,0c,
28,24,16,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,75,b5,94,a9,af,
70,2c,8c,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,eb,da,ae,d2,54,
a7,88,7d,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,58,d7,74,13,e9,
56,3e,42,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,cd,d7,94,18,cb,
0c,e0,0d,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d0,9d,e9,35,62,
c3,57,ef,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,88,1c,a1,07,5d,
41,59,17,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,de,da,e1,cb,92,
b7,c3,e0,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,3b,2b,bd,df,63,
35,0e,b6,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,b3,f0,86,4d,e2,
35,20,d4,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,a6,b7,47,02,b5,
34,ce,c5,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1008)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\msi.dll
.
Celkový čas: 2009-02-10 19:37:16
ComboFix-quarantined-files.txt 2009-02-10 18:37:12
ComboFix2.txt 2009-02-10 17:26:42
Před spuštěním: 9 389 154 304
Po spuštění: 9,371,668,480
------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:43, on 10.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\CF13055.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
F:\Rosta\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead 11\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\mio active\wcescomm.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Fraps] F:\ROSTA\FRAPS1\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6261 bytes
------------------------------------------------------------------------------------------------------------------------------
Hopefully I did it right:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 Suspicious File
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 PAK_Generic.001
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
--------------------------------------------------------------------------------------------------------
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 Suspicious File
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 -
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
-------------------------------------------------------------------------------
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 -
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 -
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.2047.1606 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated)
FW: Sunbelt Personal Firewall *disabled*
* Vytvořen nový Bod Obnovení
* Resident AV is active
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-01-10 do 2009-02-10 )))))))))))))))))))))))))))))))
.
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-02-10 14:17 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2009-02-10 14:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 14:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-06 22:06 . 2009-02-10 17:47 139,280 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-02-06 22:05 . 2009-02-10 17:47 202,000 --a------ c:\windows\system32\PnkBstrB.exe
2009-02-04 12:51 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll
2009-02-04 12:51 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll
2009-02-04 12:51 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll
2009-02-04 12:51 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll
2009-02-04 12:51 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll
2009-02-04 12:51 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll
2009-01-31 22:36 . 2009-02-02 17:41 21,052 --a----t- c:\windows\system32\SIntfNT.dll
2009-01-31 22:36 . 2009-02-02 17:41 15,144 --a----t- c:\windows\system32\SIntf32.dll
2009-01-31 22:36 . 2009-02-02 17:41 12,067 --a----t- c:\windows\system32\SIntf16.dll
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-31 15:58 . 2009-01-31 15:58 <DIR> d-------- c:\documents and settings\doma\Data aplikací\fltk.org
2009-01-30 21:39 . 2008-07-01 12:43 211 --ahs---- C:\BOOT.BKK
2009-01-30 21:36 . 2009-01-30 21:36 <DIR> d-------- c:\program files\TGTSoft
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:22 . 2009-01-30 21:22 <DIR> dr-h----- c:\documents and settings\doma\Data aplikací\SecuROM
2009-01-30 21:00 . 2009-01-30 21:00 <DIR> d-------- c:\windows\Logs
2009-01-30 21:00 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2009-01-30 21:00 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2009-01-30 21:00 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2009-01-30 21:00 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2009-01-30 21:00 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2009-01-30 21:00 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2009-01-30 21:00 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2009-01-23 22:38 . 2009-01-23 22:38 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2009-01-23 13:36 . 2009-01-23 13:36 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-17 20:25 . 2009-01-17 20:28 153,174 --a------ c:\windows\HPHins15.dat
2009-01-17 20:25 . 2007-08-28 07:45 2,828 --------- c:\windows\hphmdl15.dat
2009-01-17 12:36 . 2009-01-17 12:36 256 --a------ c:\windows\game.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 17:02 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 16:55 --------- d-----w c:\documents and settings\doma\Data aplikací\HLSW
2009-02-10 13:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 21:27 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 19:02 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-08 18:10 22,463 ----a-w c:\windows\system32\drivers\fwdrv.err
2009-02-06 21:05 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-04 15:59 --------- d-----w c:\documents and settings\doma\Data aplikací\gtk-2.0
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-02-01 14:49 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-30 19:59 22,328 ----a-w c:\documents and settings\doma\Data aplikací\PnkBstrK.sys
2009-01-23 21:38 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-23 12:50 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-01-14 16:30 12,208 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-30 08:27 --------- d-s---w c:\program files\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-29 14:50 --------- d-----w c:\documents and settings\doma\Data aplikací\Xfire
2008-12-27 13:17 --------- d-----w c:\documents and settings\All Users\Data aplikací\Test Drive Unlimited
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 22:42 --------- d-----w c:\documents and settings\doma\Data aplikací\unl-cdwu
2008-12-26 11:45 --------- d-----w c:\program files\JetAudio
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-26 11:45 --------- d-----w c:\documents and settings\doma\Data aplikací\COWON
2008-12-25 18:33 --------- d-----w c:\program files\Webteh
2008-12-25 18:33 --------- d-----w c:\program files\BSPlayer
2008-12-24 21:43 17,480 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 21:41 --------- d-----w c:\documents and settings\doma\Data aplikací\teamspeak2
2008-12-24 19:51 --------- d-----w c:\program files\MSBuild
2008-12-24 19:49 --------- d-----w c:\program files\Reference Assemblies
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-24 13:24 --------- d-----w c:\documents and settings\doma\Data aplikací\ICQ
2008-12-23 20:42 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-23 20:42 --------- d-----w c:\program files\AGEIA Technologies
2008-12-15 15:01 --------- d-----w c:\program files\Skype
2008-12-15 15:01 --------- d-----w c:\program files\Common Files\Skype
2008-12-15 15:01 --------- d-----w c:\documents and settings\All Users\Data aplikací\Skype
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-10 19:13 --------- d-----w c:\documents and settings\All Users\Data aplikací\HP
2008-11-27 16:32 3,022 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-11-24 19:08 403,232 ----a-w c:\windows\Mazda6 MPS.scr
2008-11-24 19:08 30,208 ----a-w c:\windows\mickey32.dll
2008-11-24 19:08 3,534,222 ----a-w c:\windows\Mazda6 MPS.exe
2008-11-24 19:07 403,232 ----a-w c:\windows\Mazda - DISI.scr
2008-11-24 19:07 1,350,889 ----a-w c:\windows\Mazda - DISI.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-17 1667584]
"H/PC Connection Agent"="d:\mio active\wcescomm.exe" [2006-06-21 1211176]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Fraps"="f:\rosta\FRAPS1\FRAPS.EXE" [2008-01-14 913064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-30 921600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-16 155648]
"UVS11 Preload"="f:\ulead 11\uvPL.exe" [2007-03-03 341488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\doma\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2005-06-15 1208320]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2008-07-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"VIDC.AP41"= APmpg4v1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"d:\mio active\rapimgr.exe"= d:\mio active\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\mio active\wcescomm.exe"= d:\mio active\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\mio active\WCESMgr.exe"= d:\mio active\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"f:\\Rosta\\CoD4\\CoD4\\iw3mp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"f:\\Hry\\Test driver\\TestDriveUnlimited.exe"=
"f:\\Rosta\\HLSW\\hlsw.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaW.exe"=
"f:\\Hry\\Call of Duty 5 World at War\\CoDWaWmp.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2008-07-01 210224]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2007-04-26 72624]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2001-10-25 69120]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe --> c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-08-15 22640]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.servis24.cz/
LSP: c:\windows\System32\imon.dll
FF - ProfilePath - c:\documents and settings\doma\Data aplikací\Mozilla\Firefox\Profiles\6uj5zjnu.default\
FF - plugin: c:\program files\Opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 19:34:57
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'lsass.exe'(1008)
c:\windows\System32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\msi.dll
.
Celkový čas: 2009-02-10 19:37:16
ComboFix-quarantined-files.txt 2009-02-10 18:37:12
ComboFix2.txt 2009-02-10 17:26:42
Před spuštěním: 9 389 154 304
Po spuštění: 9,371,668,480
271
------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:43, on 10.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\CF13055.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
F:\Rosta\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead 11\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\mio active\wcescomm.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Fraps] F:\ROSTA\FRAPS1\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6261 bytes
------------------------------------------------------------------------------------------------------------------------------
Hopefully I have it right:
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 Suspicious File
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 PAK_Generic.001
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
--------------------------------------------------------------------------------------------------------
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 Suspicious File
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 -
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
-------------------------------------------------------------------------------
Antivirus Version Last update Result
a-squared 4.0.0.93 2009.02.10 -
AhnLab-V3 5.0.0.2 2009.02.10 -
AntiVir 7.9.0.76 2009.02.10 -
Authentium 5.1.0.4 2009.02.10 -
Avast 4.8.1335.0 2009.02.09 -
AVG 8.0.0.229 2009.02.10 -
BitDefender 7.2 2009.02.10 -
CAT-QuickHeal 10.00 2009.02.10 -
ClamAV 0.94.1 2009.02.10 -
Comodo 973 2009.02.10 -
DrWeb 4.44.0.09170 2009.02.10 -
eSafe 7.0.17.0 2009.02.09 -
eTrust-Vet 31.6.6348 2009.02.10 -
F-Prot 4.4.4.56 2009.02.10 -
F-Secure 8.0.14470.0 2009.02.10 -
Fortinet 3.117.0.0 2009.02.10 -
GData 19 2009.02.10 -
Ikarus T3.1.1.45.0 2009.02.10 -
K7AntiVirus 7.10.626 2009.02.10 -
Kaspersky 7.0.0.125 2009.02.10 -
McAfee 5521 2009.02.10 -
McAfee+Artemis 5521 2009.02.09 -
Microsoft 1.4306 2009.02.10 -
NOD32 3843 2009.02.10 -
Norman 6.00.02 2009.02.09 -
nProtect 2009.1.8.0 2009.02.10 -
Panda 10.0.0.10 2009.02.10 -
PCTools 4.4.2.0 2009.02.10 -
Prevx1 V2 2009.02.10 -
Rising 21.16.12.00 2009.02.10 -
SecureWeb-Gateway 6.7.6 2009.02.10 -
Sophos 4.38.0 2009.02.10 -
Sunbelt 3.2.1847.2 2009.02.07 -
Symantec 10 2009.02.10 -
TheHacker 6.3.1.5.250 2009.02.09 -
TrendMicro 8.700.0.1004 2009.02.10 -
VBA32 3.12.8.12 2009.02.10 -
ViRobot 2009.2.10.1599 2009.02.10 -
VirusBuster 4.5.11.0 2009.02.10 -
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Residence: South Bohemia
- Status: Offline
Re: Drives won't open
Close all other applications and browsers, disconnect from the internet and fix in HJT:
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
Then post a new HJT log.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Level 1
- Posts: 91
- Registered: February 09
- Status: Offline
Re: Drives won't open
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:05, on 11.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\mio active\wcescomm.exe
F:\ROSTA\FRAPS1\FRAPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
D:\MIOACT~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Rosta\Hijack\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Opera\opera.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead 11\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\mio active\wcescomm.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Fraps] F:\ROSTA\FRAPS1\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6440 bytes
Unfortunately, I did not see O17 in there.
Scan saved at 7:55:05, on 11.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\mio active\wcescomm.exe
F:\ROSTA\FRAPS1\FRAPS.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
D:\MIOACT~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Rosta\Hijack\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Opera\opera.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.servis24.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UVS11 Preload] F:\Ulead 11\uvPL.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\mio active\wcescomm.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Fraps] F:\ROSTA\FRAPS1\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\MIOACT~1\INetRepl.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6440 bytes
Unfortunately, I did not see O17 in there.
jaro3 (Security team member, Guru Level 15; posts: 43294; registered: June 07; location: South Bohemia)
Re: Drives won't open
Log O.K.
ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u
So, if there are no problems, clean the system with CCleaner
and also use T-Cleaner
It deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then click Empty Selected.
If you want to keep your saved passwords, click No.
Update Java:
Java SE Runtime Environment 6u12
Select the OS (I assume Windows), tick agree-continue
Select:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Remove the other Javas in Add/Remove Programs.
That's all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum Support