PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Kontrola Logu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=45338

Stránka 1 z 1

Kontrola Logu

Napsal: 03 říj 2009 20:12
od Alien.
Sem tu zas :smile: tady je HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:28, on 3.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\DOCUME~1\Martin\LOCALS~1\Temp\tempalbert\MSASCul.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O1 - Hosts: 88.86.111.212 L2authd.Lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ARC] "C:\DOCUME~1\Martin\LOCALS~1\Temp\tempalbert\MSASCul.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 5762 bytes

Re: Kontrola Logu

Napsal: 03 říj 2009 20:25
od Damned
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [ARC] "C:\DOCUME~1\Martin\LOCALS~1\Temp\tempalbert\MSASCul.exe"
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho (pokud máš, tak aktualizuj a spusť)
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: Kontrola Logu

Napsal: 03 říj 2009 20:35
od Alien.
Tak tady to máš

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2900
Windows 5.1.2600 Service Pack 3

3.10.2009 20:34:43
mbam-log-2009-10-03 (20-34-43).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 88333
Uplynulý čas: 1 minute(s), 50 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Re: Kontrola Logu

Napsal: 03 říj 2009 20:37
od Damned
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Re: Kontrola Logu

Napsal: 03 říj 2009 20:42
od Alien.
ComboFix 09-10-01.05 - Martin 03.10.2009 20:40.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2824 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091003-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\NTSVc.ocx

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-03 do 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 18:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:16 . 2009-10-03 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 11:04 . 2009-10-03 11:04 -------- d-----w- C:\Westwood
2009-10-03 10:40 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-03 10:40 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-03 10:40 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-03 10:40 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-03 10:40 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-03 10:40 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-03 10:40 . 2008-04-14 06:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-10-03 10:40 . 2008-04-14 06:48 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-02 19:25 . 2009-10-02 19:25 -------- d-----w- c:\program files\QIP Infium
2009-10-02 18:34 . 2009-10-02 18:34 -------- d-----w- c:\program files\WinPcap
2009-10-02 18:34 . 2009-10-02 18:38 -------- d-----w- c:\program files\IM Sniffer
2009-10-02 16:08 . 2009-10-02 16:17 -------- d-----w- c:\program files\Valve
2009-10-02 15:29 . 2009-10-02 15:29 302548481 ----a-w- C:\Counter-Strike_1.6.exe
2009-09-30 16:28 . 2009-09-30 16:30 -------- d-----w- C:\RO
2009-09-29 17:41 . 2009-09-29 17:42 -------- d-----w- C:\lol
2009-09-27 19:57 . 2009-09-27 19:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-27 12:57 . 2009-09-27 12:57 -------- d-----w- c:\program files\CCleaner
2009-09-27 10:29 . 2009-09-27 10:29 -------- d-----w- c:\program files\Trend Micro
2009-09-24 15:07 . 2009-09-24 15:07 -------- d-sh--w- c:\documents and settings\Martin\IECompatCache
2009-09-23 17:03 . 2009-09-23 17:03 -------- d-----w- c:\program files\Nvu
2009-09-23 16:52 . 2009-09-26 10:03 -------- d-----w- C:\WWW
2009-09-23 14:45 . 2009-09-23 14:45 -------- d-----w- c:\program files\VirtualDub
2009-09-23 12:21 . 2009-09-26 15:30 -------- d-----w- c:\program files\Metin2_CZ
2009-09-21 15:06 . 2009-09-21 15:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-21 15:05 . 2009-09-21 15:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-09-20 17:27 . 2009-09-20 17:27 -------- d-----w- c:\documents and settings\Martin\.thumbnails
2009-09-20 17:20 . 2009-10-03 11:57 -------- d-----w- c:\documents and settings\Martin\.gimp-2.6
2009-09-20 17:19 . 2009-09-20 17:19 -------- d-----w- c:\program files\GIMP-2.0
2009-09-20 16:00 . 2009-09-20 16:00 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-19 14:14 . 2009-09-19 14:14 -------- d-----w- c:\program files\Rockstar Games
2009-09-16 14:37 . 2009-09-27 07:57 -------- d-----w- C:\Fraps
2009-09-15 11:49 . 2009-10-03 08:03 -------- d-----w- c:\program files\Steam
2009-09-13 10:11 . 2009-09-28 10:52 -------- d-----w- c:\program files\Counter-Strike Source
2009-09-10 12:06 . 2009-09-10 12:06 -------- d-----w- c:\program files\NCsoft
2009-09-09 14:13 . 2009-09-09 14:13 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2009-09-05 20:26 . 2009-09-05 20:26 -------- d-----w- c:\program files\alaplaya
2009-09-05 12:05 . 2009-09-05 12:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-04 17:34 . 2009-09-04 17:38 -------- d-----w- C:\wxpsp1_cs
2009-09-04 10:34 . 2009-09-04 10:34 -------- d-----w- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 18:32 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-03 18:32 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-02 20:44 . 2009-08-10 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 15:55 . 2009-08-15 13:53 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-02 15:55 . 2009-08-15 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-02 15:55 . 2009-08-15 13:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-02 15:48 . 2009-08-11 20:04 -------- d-----w- c:\program files\Activision
2009-09-30 18:32 . 2009-08-28 19:38 -------- d-----w- c:\program files\Lineage II
2009-09-27 19:57 . 2009-08-29 17:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-27 15:14 . 2009-08-12 15:51 110163 ----a-w- c:\windows\War3Unin.dat
2009-09-14 10:23 . 2009-09-02 11:51 -------- d-----w- c:\program files\Diablo II
2009-09-13 17:33 . 2009-08-17 06:52 -------- d-----w- c:\program files\Left4Dead
2009-09-06 06:12 . 2009-08-22 08:06 -------- d-----w- c:\program files\Starcraft
2009-09-06 06:12 . 2009-08-18 08:50 -------- d-----w- c:\program files\Winamp
2009-09-06 06:10 . 2009-08-12 16:05 -------- d-----w- c:\program files\Alien Shooter
2009-09-06 06:10 . 2009-08-30 08:10 -------- d-----w- c:\program files\1C
2009-09-03 18:34 . 2009-09-02 16:22 -------- d-----w- c:\program files\Ascaron Entertainment
2009-09-03 15:40 . 2009-09-03 15:40 -------- d-----w- c:\program files\Common Files\Nero
2009-09-03 15:40 . 2009-09-03 15:40 -------- d-----w- c:\program files\Nero
2009-09-03 13:25 . 2009-09-03 13:25 78848 ----a-w- c:\windows\system32\drivers\SSHDRV85.sys
2009-09-02 16:08 . 2009-09-02 16:08 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-09-02 12:01 . 2009-09-02 12:01 94208 ----a-w- c:\windows\DIIUnin.exe
2009-09-02 12:01 . 2009-09-02 12:01 2829 ----a-w- c:\windows\DIIUnin.pif
2009-09-02 12:01 . 2009-09-02 12:01 16955 ----a-w- c:\windows\DIIUnin.dat
2009-09-01 18:26 . 2009-09-01 18:26 -------- d-----w- c:\program files\Microsoft Games
2009-08-31 07:26 . 2009-08-29 17:05 -------- d-----w- c:\program files\Ubisoft
2009-08-30 08:18 . 2009-08-30 08:18 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-30 08:18 . 2009-08-30 08:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 08:09 . 2009-08-30 08:09 -------- d-----w- c:\program files\Alcohol Soft
2009-08-29 17:03 . 2009-08-29 17:03 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-26 14:14 . 2009-08-15 18:42 -------- d-----w- c:\program files\AhaView v4.02
2009-08-25 16:30 . 2009-08-25 16:08 -------- d-----w- c:\program files\Crimsonland
2009-08-25 16:07 . 2009-08-25 16:07 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-24 17:53 . 2009-08-24 17:43 -------- d-----w- c:\program files\MySQL
2009-08-24 17:45 . 2009-08-24 17:45 -------- d-----w- c:\program files\PremiumSoft
2009-08-22 06:50 . 2009-08-22 06:50 -------- d-----w- c:\program files\GameTop.com
2009-08-17 16:10 . 2009-08-10 15:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-10 15:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-10 15:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-10 15:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-10 15:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-10 15:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-10 15:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-10 15:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-10 15:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 15:08 . 2005-10-14 09:56 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\GamePark
2009-08-13 12:14 . 2009-08-12 15:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-13 05:44 . 2009-08-13 05:44 -------- d-----w- c:\program files\Hamachi
2009-08-13 05:44 . 2009-08-13 05:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-12 15:59 . 2009-08-12 15:51 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-12 15:59 . 2009-08-12 15:51 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-12 15:55 . 2009-08-12 15:55 -------- d-----w- c:\program files\uTorrent
2009-08-11 16:05 . 2009-08-11 16:05 737280 ----a-w- c:\windows\iun6002.exe
2009-08-11 14:54 . 2009-08-11 14:54 -------- d-----w- c:\program files\bfgclient
2009-08-11 14:09 . 2009-08-11 14:09 -------- d-----w- c:\program files\NHN USA
2009-08-11 08:11 . 2009-08-11 08:11 -------- d-----w- c:\program files\MSBuild
2009-08-11 08:11 . 2009-08-11 08:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 08:02 . 2009-08-11 08:01 -------- d-----w- c:\program files\ICQ6.5
2009-08-10 16:37 . 2009-08-10 16:37 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-08-10 16:06 . 2009-08-10 16:06 -------- d-----w- c:\program files\Skype
2009-08-10 16:06 . 2009-08-10 16:06 -------- d-----w- c:\program files\Common Files\Skype
2009-08-10 15:53 . 2009-08-10 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 15:51 . 2009-08-10 15:51 -------- d-----w- c:\program files\Alwil Software
2009-08-10 15:50 . 2009-08-10 15:50 1174 ----a-w- c:\windows\mozver.dat
2009-08-10 15:45 . 2009-08-10 15:45 0 ----a-w- c:\windows\nsreg.dat
2009-08-10 15:44 . 2009-08-10 15:44 -------- d-----w- c:\program files\Common Files\snpstd3
2009-08-10 13:32 . 2009-08-10 13:27 -------- d-----w- c:\program files\ATI Technologies
2009-08-10 13:31 . 2009-08-10 13:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-10 13:30 . 2009-08-10 13:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-08-10 13:23 . 2009-08-10 13:21 -------- d-----w- c:\program files\Realtek
2009-08-10 13:22 . 2009-08-10 13:19 16608 ----a-w- c:\windows\gdrv.sys
2009-08-10 13:21 . 2009-08-10 13:21 315392 ----a-w- c:\windows\HideWin.exe
2009-08-10 13:21 . 2009-08-10 13:21 -------- d-----w- c:\program files\AMD
2009-08-10 13:20 . 2009-08-10 13:20 -------- d-----w- c:\program files\Browser Configuration Utility
2009-08-10 13:14 . 2009-08-10 13:14 -------- d-----w- c:\program files\microsoft frontpage
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 10:33 . 2009-08-24 17:46 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-08-12 15:04 . 2009-08-10 15:45 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-12 15:04 . 2009-08-10 15:45 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-12 15:04 . 2009-08-10 15:45 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-12 15:04 . 2009-08-10 15:45 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-12 15:04 . 2009-08-10 15:45 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\ijjigame\\PurpleBean.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"e:\\Hry\\Warcraft III\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\MaNGOS\\realmd.exe"=
"c:\\MaNGOS\\mangosd.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"e:\\Hry\\GMod\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\radku210\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"e:\\Hry\\WotLK\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\Hry\\WotLK\\Launcher.exe"=
"e:\\Hry\\WotLK\\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Westwood\\Emperor\\PATCHGET.DAT"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2009 17:51 114768]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [3.9.2009 15:25 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.8.2009 17:51 20560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\2onky49c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 20:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-03 20:42
ComboFix-quarantined-files.txt 2009-10-03 18:42

Před spuštěním: Volných bajtů: 120 001 970 176
Po spuštění: Volných bajtů: 120 023 961 600

244 --- E O F --- 2009-09-22 21:32

Re: Kontrola Logu

Napsal: 03 říj 2009 20:52
od Alien.
Znám..

C:\Fraps - Nátáčecí prográmek na hry
C:\WWW - Webový stránky
C:\RO - Hra : Ragnarok
C:\Westwood - Hra : Emperor : Battle for Dune
C:\lol - prázdná složka .. smazal sem ji
C:\wxpsp1_cs - Důležitý věci

Re: Kontrola Logu

Napsal: 03 říj 2009 20:54
od Damned
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\mozver.dat
C:\Program.exe

Folder::
c:\program files\DAEMON Tools Toolbar

Driver::
MySQL



Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.


Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
Obrázek

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Re: Kontrola Logu

Napsal: 03 říj 2009 21:04
od Alien.
ComboFix 09-10-01.05 - Martin 03.10.2009 20:58.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2773 [GMT 2:00]
Spuštěný z: c:\documents and settings\Martin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Martin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091003-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"C:\Program.exe"
"c:\windows\mozver.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\windows\mozver.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYSQL
-------\Service_MySQL


((((((((((((((((((((((((( Soubory vytvořené od 2009-09-03 do 2009-10-03 )))))))))))))))))))))))))))))))
.

2009-10-03 18:16 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 18:16 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 18:16 . 2009-10-03 18:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 11:04 . 2009-10-03 11:04 -------- d-----w- C:\Westwood
2009-10-03 10:40 . 2001-08-18 04:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-10-03 10:40 . 2001-08-18 04:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-10-03 10:40 . 2001-08-18 04:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-10-03 10:40 . 2001-08-18 04:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2009-10-03 10:40 . 2001-08-17 20:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2009-10-03 10:40 . 2001-08-17 20:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2009-10-03 10:40 . 2001-08-17 20:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2009-10-03 10:40 . 2008-04-14 06:48 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-10-03 10:40 . 2008-04-14 06:48 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-10-02 19:25 . 2009-10-02 19:25 -------- d-----w- c:\program files\QIP Infium
2009-10-02 18:34 . 2009-10-02 18:34 -------- d-----w- c:\program files\WinPcap
2009-10-02 18:34 . 2009-10-02 18:38 -------- d-----w- c:\program files\IM Sniffer
2009-10-02 16:08 . 2009-10-02 16:17 -------- d-----w- c:\program files\Valve
2009-09-30 16:28 . 2009-09-30 16:30 -------- d-----w- C:\RO
2009-09-27 12:57 . 2009-09-27 12:57 -------- d-----w- c:\program files\CCleaner
2009-09-27 10:29 . 2009-09-27 10:29 -------- d-----w- c:\program files\Trend Micro
2009-09-24 15:07 . 2009-09-24 15:07 -------- d-sh--w- c:\documents and settings\Martin\IECompatCache
2009-09-23 17:03 . 2009-09-23 17:03 -------- d-----w- c:\program files\Nvu
2009-09-23 16:52 . 2009-09-26 10:03 -------- d-----w- C:\WWW
2009-09-23 14:45 . 2009-09-23 14:45 -------- d-----w- c:\program files\VirtualDub
2009-09-23 12:21 . 2009-09-26 15:30 -------- d-----w- c:\program files\Metin2_CZ
2009-09-21 15:06 . 2009-09-21 15:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-21 15:05 . 2009-09-21 15:06 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-09-20 17:27 . 2009-09-20 17:27 -------- d-----w- c:\documents and settings\Martin\.thumbnails
2009-09-20 17:20 . 2009-10-03 11:57 -------- d-----w- c:\documents and settings\Martin\.gimp-2.6
2009-09-20 17:19 . 2009-09-20 17:19 -------- d-----w- c:\program files\GIMP-2.0
2009-09-20 16:00 . 2009-09-20 16:00 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-19 14:14 . 2009-09-19 14:14 -------- d-----w- c:\program files\Rockstar Games
2009-09-16 14:37 . 2009-09-27 07:57 -------- d-----w- C:\Fraps
2009-09-15 11:49 . 2009-10-03 08:03 -------- d-----w- c:\program files\Steam
2009-09-13 10:11 . 2009-09-28 10:52 -------- d-----w- c:\program files\Counter-Strike Source
2009-09-10 12:06 . 2009-09-10 12:06 -------- d-----w- c:\program files\NCsoft
2009-09-09 14:13 . 2009-09-09 14:13 82774 ----a-w- c:\windows\Uninstall Jade Empire.exe
2009-09-05 20:26 . 2009-09-05 20:26 -------- d-----w- c:\program files\alaplaya
2009-09-05 12:05 . 2009-09-05 12:05 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-09-04 17:34 . 2009-09-04 17:38 -------- d-----w- C:\wxpsp1_cs
2009-09-04 10:34 . 2009-09-04 10:34 -------- d-----w- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 18:32 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-10-03 18:32 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-10-02 20:44 . 2009-08-10 13:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-02 15:55 . 2009-08-15 13:53 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-02 15:55 . 2009-08-15 13:52 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-02 15:55 . 2009-08-15 13:52 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-02 15:48 . 2009-08-11 20:04 -------- d-----w- c:\program files\Activision
2009-09-30 18:32 . 2009-08-28 19:38 -------- d-----w- c:\program files\Lineage II
2009-09-27 19:57 . 2009-08-29 17:04 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-09-27 15:14 . 2009-08-12 15:51 110163 ----a-w- c:\windows\War3Unin.dat
2009-09-14 10:23 . 2009-09-02 11:51 -------- d-----w- c:\program files\Diablo II
2009-09-13 17:33 . 2009-08-17 06:52 -------- d-----w- c:\program files\Left4Dead
2009-09-06 06:12 . 2009-08-22 08:06 -------- d-----w- c:\program files\Starcraft
2009-09-06 06:12 . 2009-08-18 08:50 -------- d-----w- c:\program files\Winamp
2009-09-06 06:10 . 2009-08-12 16:05 -------- d-----w- c:\program files\Alien Shooter
2009-09-06 06:10 . 2009-08-30 08:10 -------- d-----w- c:\program files\1C
2009-09-03 18:34 . 2009-09-02 16:22 -------- d-----w- c:\program files\Ascaron Entertainment
2009-09-03 15:40 . 2009-09-03 15:40 -------- d-----w- c:\program files\Common Files\Nero
2009-09-03 15:40 . 2009-09-03 15:40 -------- d-----w- c:\program files\Nero
2009-09-03 13:25 . 2009-09-03 13:25 78848 ----a-w- c:\windows\system32\drivers\SSHDRV85.sys
2009-09-02 16:08 . 2009-09-02 16:08 -------- d-----w- c:\program files\Common Files\PocketSoft
2009-09-02 12:01 . 2009-09-02 12:01 94208 ----a-w- c:\windows\DIIUnin.exe
2009-09-02 12:01 . 2009-09-02 12:01 2829 ----a-w- c:\windows\DIIUnin.pif
2009-09-02 12:01 . 2009-09-02 12:01 16955 ----a-w- c:\windows\DIIUnin.dat
2009-09-01 18:26 . 2009-09-01 18:26 -------- d-----w- c:\program files\Microsoft Games
2009-08-31 07:26 . 2009-08-29 17:05 -------- d-----w- c:\program files\Ubisoft
2009-08-30 08:18 . 2009-08-30 08:18 -------- d-----w- c:\program files\AGEIA Technologies
2009-08-30 08:18 . 2009-08-30 08:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-30 08:09 . 2009-08-30 08:09 -------- d-----w- c:\program files\Alcohol Soft
2009-08-29 17:03 . 2009-08-29 17:03 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-26 14:14 . 2009-08-15 18:42 -------- d-----w- c:\program files\AhaView v4.02
2009-08-25 16:30 . 2009-08-25 16:08 -------- d-----w- c:\program files\Crimsonland
2009-08-25 16:07 . 2009-08-25 16:07 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-24 17:53 . 2009-08-24 17:43 -------- d-----w- c:\program files\MySQL
2009-08-24 17:45 . 2009-08-24 17:45 -------- d-----w- c:\program files\PremiumSoft
2009-08-22 06:50 . 2009-08-22 06:50 -------- d-----w- c:\program files\GameTop.com
2009-08-17 16:10 . 2009-08-10 15:51 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-10 15:51 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-10 15:51 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-10 15:51 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-10 15:51 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-10 15:51 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-10 15:51 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-10 15:51 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-10 15:51 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-16 15:08 . 2005-10-14 09:56 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-15 13:38 . 2009-08-15 13:38 -------- d-----w- c:\program files\GamePark
2009-08-13 12:14 . 2009-08-12 15:47 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-13 05:44 . 2009-08-13 05:44 -------- d-----w- c:\program files\Hamachi
2009-08-13 05:44 . 2009-08-13 05:44 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-08-12 15:59 . 2009-08-12 15:51 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-12 15:59 . 2009-08-12 15:51 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-12 15:55 . 2009-08-12 15:55 -------- d-----w- c:\program files\uTorrent
2009-08-11 16:05 . 2009-08-11 16:05 737280 ----a-w- c:\windows\iun6002.exe
2009-08-11 14:54 . 2009-08-11 14:54 -------- d-----w- c:\program files\bfgclient
2009-08-11 14:09 . 2009-08-11 14:09 -------- d-----w- c:\program files\NHN USA
2009-08-11 08:11 . 2009-08-11 08:11 -------- d-----w- c:\program files\MSBuild
2009-08-11 08:11 . 2009-08-11 08:11 -------- d-----w- c:\program files\Reference Assemblies
2009-08-11 08:02 . 2009-08-11 08:01 -------- d-----w- c:\program files\ICQ6.5
2009-08-10 16:37 . 2009-08-10 16:37 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-08-10 16:06 . 2009-08-10 16:06 -------- d-----w- c:\program files\Skype
2009-08-10 16:06 . 2009-08-10 16:06 -------- d-----w- c:\program files\Common Files\Skype
2009-08-10 15:53 . 2009-08-10 15:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-10 15:51 . 2009-08-10 15:51 -------- d-----w- c:\program files\Alwil Software
2009-08-10 15:45 . 2009-08-10 15:45 0 ----a-w- c:\windows\nsreg.dat
2009-08-10 15:44 . 2009-08-10 15:44 -------- d-----w- c:\program files\Common Files\snpstd3
2009-08-10 13:32 . 2009-08-10 13:27 -------- d-----w- c:\program files\ATI Technologies
2009-08-10 13:31 . 2009-08-10 13:21 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-10 13:30 . 2009-08-10 13:30 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-08-10 13:23 . 2009-08-10 13:21 -------- d-----w- c:\program files\Realtek
2009-08-10 13:22 . 2009-08-10 13:19 16608 ----a-w- c:\windows\gdrv.sys
2009-08-10 13:21 . 2009-08-10 13:21 315392 ----a-w- c:\windows\HideWin.exe
2009-08-10 13:21 . 2009-08-10 13:21 -------- d-----w- c:\program files\AMD
2009-08-10 13:20 . 2009-08-10 13:20 -------- d-----w- c:\program files\Browser Configuration Utility
2009-08-10 13:14 . 2009-08-10 13:14 -------- d-----w- c:\program files\microsoft frontpage
2009-08-05 09:01 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:04 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2008-04-14 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 10:33 . 2009-08-24 17:46 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2009-08-12 15:04 . 2009-08-10 15:45 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-08-12 15:04 . 2009-08-10 15:45 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-08-12 15:04 . 2009-08-10 15:45 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-08-12 15:04 . 2009-08-10 15:45 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-08-12 15:04 . 2009-08-10 15:45 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-03_18.41.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-03 19:02 . 2009-10-03 19:02 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Martin^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Martin\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\ijjigame\\PurpleBean.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"e:\\Hry\\Warcraft III\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\MaNGOS\\realmd.exe"=
"c:\\MaNGOS\\mangosd.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred\\GameServer.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred\\Sacred.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\gameserver.exe"=
"c:\\Program Files\\Ascaron Entertainment\\Sacred Underworld\\sacred.exe"=
"e:\\Hry\\GMod\\Garry's Mod\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\radku210\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"e:\\Hry\\WotLK\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\Hry\\WotLK\\Launcher.exe"=
"e:\\Hry\\WotLK\\WoW-3.1.1.9806-to-3.1.1.9835-enGB-downloader.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Westwood\\Emperor\\PATCHGET.DAT"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL Server
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [10.8.2009 17:51 114768]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [3.9.2009 15:25 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.8.2009 17:51 20560]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2.8.2005 23:10 32512]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\Martin\Data aplikací\Mozilla\Firefox\Profiles\2onky49c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-03 21:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\_av_proI.tm~a00632

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2124)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Celkový čas: 2009-10-03 21:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-10-03 19:04
ComboFix2.txt 2009-10-03 18:42

Před spuštěním: Volných bajtů: 120 031 584 256
Po spuštění: Volných bajtů: 119 936 974 848

276 --- E O F --- 2009-09-22 21:32

Re: Kontrola Logu

Napsal: 03 říj 2009 21:15
od Damned
Odinstaluj ComboFix.
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš

(pozn.Pokud máš AVG, avast! nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG, avast! i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG,avast!, Aviru.)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.

ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache,
cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer,
Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Kdyby něco, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se. :bigups:

Re: Kontrola Logu  Vyřešeno

Napsal: 03 říj 2009 21:22
od Alien.
Super... dík :smile: /Closed
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/