Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:10, on 5.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\ICQ6Toolbar\ICQ Service.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Analog Devices\SoundMAX\smax4.exe
E:\Program Files\winamp\winampa.exe
E:\Program Files\Pošťák\Postak\Postak.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "E:\Program Files\Pošťák\Postak\Postak.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AFProg] E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\Deamon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: ICQ Service - Unknown owner - E:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 13271 bytes
Prosím o kontrolu logu Vyřešeno
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Odinstaluj si ICQ6 Toolbar, Ask Toolbar, DAEMON Tools Toolbar, BS Player Toolbar a Hotspot_Shield.
Máš tam Daemon a Alcohol, jeden si odinstaluj.
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Máš tam Daemon a Alcohol, jeden si odinstaluj.
Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - E:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - E:\Program Files\Hotspot_Shield\tbHot0.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - E:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5.12.2009 19:32:14
mbam-log-2009-12-05 (19-32-10).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 146960
Uplynulý čas: 18 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\WINDOWS\system32\WoWEmuHacker5.exe (Trojan.Agent) -> No action taken.
Verze databáze: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5.12.2009 19:32:14
mbam-log-2009-12-05 (19-32-10).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 146960
Uplynulý čas: 18 minute(s), 58 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> No action taken.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\WINDOWS\system32\WoWEmuHacker5.exe (Trojan.Agent) -> No action taken.
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Takže spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
Malwarebytes' Anti-Malware 1.42
Verze databáze: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5.12.2009 20:06:05
mbam-log-2009-12-05 (20-06-05).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 146952
Uplynulý čas: 10 minute(s), 32 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\WINDOWS\system32\WoWEmuHacker5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Ted to chce restart PC, takže na tom druhém se hned bude pracovat
Verze databáze: 3300
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
5.12.2009 20:06:05
mbam-log-2009-12-05 (20-06-05).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 146952
Uplynulý čas: 10 minute(s), 32 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 1
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
E:\WINDOWS\system32\WoWEmuHacker5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Ted to chce restart PC, takže na tom druhém se hned bude pracovat
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
jasně
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
ComboFix 09-12-04.05 - Petr 05.12.2009 20:19.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.645 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Dokumenty\cc_20090203_195305.reg
e:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
e:\windows\system32\CONFIG.exe
e:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-05 do 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-05 17:41 . 2008-11-22 19:46 -------- d-----w- e:\program files\Hotspot_Shield
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
S3 GarenaPEngine;GarenaPEngine;\??\e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp --> e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
AddRemove-HijackThis - e:\documents and settings\Petr\Plocha\HijackThis.exe
AddRemove-NVIDIA Drivers - e:\windows\system32\nvunrm.exe UninstallGUI
AddRemove-{47ec0dd7-27a9-43da-826b-027651baf43d} - e:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 20:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1024)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1080)
e:\windows\system32\relog_ap.dll
.
Celkový čas: 2009-12-05 20:29
ComboFix-quarantined-files.txt 2009-12-05 19:29
Před spuštěním: 8 474 075 136
Po spuštění: Volných bajtů: 15 281 602 560
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 16659C9B662BEB0BB8A1E6A29B80B4D2
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.645 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Dokumenty\cc_20090203_195305.reg
e:\program files\ATI Technologies\ATI.ACE\Core-Static\atIAcmxx.dll
e:\windows\system32\CONFIG.exe
e:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-05 do 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-05 17:41 . 2008-11-22 19:46 -------- d-----w- e:\program files\Hotspot_Shield
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
S3 GarenaPEngine;GarenaPEngine;\??\e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp --> e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp [?]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
Obsah adresáře 'Naplánované úlohy'
2009-12-05 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-04-22 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
AddRemove-HijackThis - e:\documents and settings\Petr\Plocha\HijackThis.exe
AddRemove-NVIDIA Drivers - e:\windows\system32\nvunrm.exe UninstallGUI
AddRemove-{47ec0dd7-27a9-43da-826b-027651baf43d} - e:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 20:27
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1024)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1080)
e:\windows\system32\relog_ap.dll
.
Celkový čas: 2009-12-05 20:29
ComboFix-quarantined-files.txt 2009-12-05 19:29
Před spuštěním: 8 474 075 136
Po spuštění: Volných bajtů: 15 281 602 560
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 16659C9B662BEB0BB8A1E6A29B80B4D2
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
File::
e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp
e:\windows\system32\KB905474\wgasetup.exe
e:\windows\Tasks\WGASetup.job
e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
Folder::
e:\program files\Hotspot_Shield
E:\Program Files\ICQ6Toolbar
E:\Program Files\BS_Player
E:\Program Files\DAEMON Tools Toolbar
FireFox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Zkopíruj do něj následující celý text označený zeleně:
File::
e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp
e:\windows\system32\KB905474\wgasetup.exe
e:\windows\Tasks\WGASetup.job
e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
Folder::
e:\program files\Hotspot_Shield
E:\Program Files\ICQ6Toolbar
E:\Program Files\BS_Player
E:\Program Files\DAEMON Tools Toolbar
FireFox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
Driver::
GarenaPEngine;GarenaPEngine
GarenaPEngine
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
ComboFix 09-12-04.05 - Petr 05.12.2009 21:21.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.674 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FILE ::
"e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp"
"e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll"
"e:\windows\system32\KB905474\wgasetup.exe"
"e:\windows\Tasks\WGASetup.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
e:\program files\Hotspot_Shield
e:\program files\Hotspot_Shield\tbHot0.dll
e:\windows\system32\KB905474\wgasetup.exe
e:\windows\Tasks\WGASetup.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-05 do 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 21:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spqv.sys >>UNKNOWN [0x86D92938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf798f6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70e3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70f0a21
SendHandler -> NDIS.sys @ 0xf70ce87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1060)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1116)
e:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2448)
e:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
e:\windows\system32\lpad32.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Hotspot Shield\HssWPR\hsssrv.exe
e:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-12-05 21:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-05 20:37
ComboFix2.txt 2009-12-05 19:29
Před spuštěním: Volných bajtů: 15 268 327 424
Po spuštění: Volných bajtů: 15 116 111 872
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 34E115BFBF5CD6F7C67682F834FDAF62
To je první, na druhém se pracuje
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.674 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FILE ::
"e:\docume~1\Petr\LOCALS~1\Temp\EYDD00.tmp"
"e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll"
"e:\windows\system32\KB905474\wgasetup.exe"
"e:\windows\Tasks\WGASetup.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
e:\program files\Hotspot_Shield
e:\program files\Hotspot_Shield\tbHot0.dll
e:\windows\system32\KB905474\wgasetup.exe
e:\windows\Tasks\WGASetup.job
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-05 do 2009-12-05 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-05 21:31
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spqv.sys >>UNKNOWN [0x86D92938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf798f6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70e3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70f0a21
SendHandler -> NDIS.sys @ 0xf70ce87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1060)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1116)
e:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(2448)
e:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
e:\windows\system32\lpad32.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Hotspot Shield\HssWPR\hsssrv.exe
e:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-12-05 21:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-05 20:37
ComboFix2.txt 2009-12-05 19:29
Před spuštěním: Volných bajtů: 15 268 327 424
Po spuštění: Volných bajtů: 15 116 111 872
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 34E115BFBF5CD6F7C67682F834FDAF62
To je první, na druhém se pracuje
Re: Prosím o kontrolu logu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:07, on 5.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\winamp\winampa.exe
E:\Program Files\Pošťák\Postak\Postak.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Deamon tools\DAEMON Tools Lite\daemon.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "E:\Program Files\Pošťák\Postak\Postak.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AFProg] E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\Deamon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 10839 bytes
Změnu jsem zaznamenal zatím jednu, při spuštěni windowsu se mi to zaplo aniž bych musel klikat, ktery z windowsu chci zapnout
Scan saved at 21:46:07, on 5.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
E:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
E:\Program Files\winamp\winampa.exe
E:\Program Files\Pošťák\Postak\Postak.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\Program Files\HP\hpcoretech\hpcmpmgr.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Deamon tools\DAEMON Tools Lite\daemon.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Opera\opera.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - E:\Program Files\Pošťák\Postak\SRank.dll
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\winamp\winampa.exe"
O4 - HKLM\..\Run: [SMail] "E:\Program Files\Pošťák\Postak\Postak.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Component Manager] "E:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Acronis True Image Home 11.0 cz\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Acronis True Image Home 11.0 cz\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\sdasdas\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [AFProg] E:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\Deamon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Download Using &BitSpirit - E:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\WINDOWS\system32\wbsys.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - E:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
--
End of file - 10839 bytes
Změnu jsem zaznamenal zatím jednu, při spuštěni windowsu se mi to zaplo aniž bych musel klikat, ktery z windowsu chci zapnout
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: Prosím o kontrolu logu
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:
KillAll::
DDS::
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
MBR::
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj
Zkopíruj do něj následující celý text označený zeleně:
KillAll::
DDS::
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Firefox::
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
MBR::
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. Klikni na Run Scan. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Re: Prosím o kontrolu logu
ComboFix 09-12-05.03 - Petr 06.12.2009 8:46.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.552 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-06 do 2009-12-06 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 08:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spwv.sys >>UNKNOWN [0x86D92938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf798f6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70e3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70f0a21
SendHandler -> NDIS.sys @ 0xf70ce87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1060)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1116)
e:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3872)
e:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
e:\windows\system32\lpad32.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Hotspot Shield\HssWPR\hsssrv.exe
e:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-12-06 09:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-06 08:00
ComboFix2.txt 2009-12-05 20:37
ComboFix3.txt 2009-12-05 19:29
Před spuštěním: Volných bajtů: 15 159 042 048
Po spuštění: Volných bajtů: 15 118 868 480
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5F78D8F23AF3E36DEF8ACCC73E8E3F2F
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.552 [GMT 1:00]
Spuštěný z: e:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: e:\documents and settings\Petr\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-11-06 do 2009-12-06 )))))))))))))))))))))))))))))))
.
2009-12-05 17:58 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-05 17:58 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-05 17:58 . 2009-12-05 17:58 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-12-05 17:41 . 2009-12-05 17:41 2560 ----a-w- e:\windows\_MSRSTRT.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-05 17:51 . 2008-11-19 18:52 -------- d-----w- e:\program files\ICQToolbar
2009-12-04 12:38 . 2008-11-19 18:12 -------- d-----w- e:\program files\World of Warcraft
2009-11-28 08:13 . 2008-11-19 17:25 -------- d-----w- e:\program files\Opera
2009-11-22 12:34 . 2002-09-23 12:00 487794 ----a-w- e:\windows\system32\perfh005.dat
2009-11-22 12:34 . 2002-09-23 12:00 101624 ----a-w- e:\windows\system32\perfc005.dat
2009-10-25 13:06 . 2009-07-24 17:36 -------- d-----w- e:\program files\DreamCom
2009-10-15 05:23 . 2009-07-06 10:15 -------- d-----w- e:\program files\Microsoft SQL Server
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- e:\program files\PC Drivers HeadQuarters
2009-10-11 12:40 . 2008-11-19 16:55 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-10 19:37 . 2009-10-10 19:37 23600 ----a-w- e:\windows\system32\drivers\TVICHW32.SYS
2009-09-11 14:19 . 2004-08-17 13:49 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- e:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- e:\program files\opera\program\plugins\ssldivx.dll
2006-05-03 09:06 . 2009-07-07 10:57 163328 --sh--r- e:\windows\system32\flvDX.dll
1990-01-01 01:01 . 1990-01-01 01:01 45056 --sh--r- e:\windows\system32\lpad32.dll
2007-02-21 10:47 . 2009-07-07 10:57 31232 --sh--r- e:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-07-07 10:57 216064 --sh--r- e:\windows\system32\nbDX.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AFProg"="e:\program files\Hotspot Shield\AnchorFree\ctrl\AFController.exe" [2006-06-05 118784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="e:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"DAEMON Tools Lite"="e:\program files\Deamon tools\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"H/PC Connection Agent"="e:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"AlcoholAutomount"="e:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"WinampAgent"="e:\program files\winamp\winampa.exe" [2008-08-03 36352]
"SMail"="e:\program files\Pošťák\Postak\Postak.exe" [2008-02-21 453936]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"egui"="e:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TrueImageMonitor.exe"="c:\acronis true image home 11.0 cz\TrueImageMonitor.exe" [2007-10-23 2615624]
"AcronisTimounterMonitor"="c:\acronis true image home 11.0 cz\TimounterMonitor.exe" [2007-10-23 906648]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-23 140568]
"Adobe Reader Speed Launcher"="e:\program files\sdasdas\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\Petr\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - e:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
e:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-3-15 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-3-15 53248]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8DCB0AE8-533C-A1D2-29E1-3A811135D25A}"= "e:\windows\system32\lpad32.dll" [1990-01-01 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"e:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\World of Warcraft\\Launcher.exe"=
"e:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"e:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"c:\\PES 10\\PLAY\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [19.11.2008 18:55 721904]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [6.2.2009 14:24 93336]
R2 ekrn;ESET Service;e:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6.2.2009 14:23 727720]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);e:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.5.2009 2:27 29262680]
S3 TVICHW32;TVICHW32;e:\windows\system32\drivers\TVICHW32.SYS [10.10.2009 20:37 23600]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = *.local
IE: Download Using &BitSpirit - e:\program files\BitSpirit\bsurl.htm
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
TCP: {CCFE3FAC-4BE7-41F6-B87B-87F2A7DA2B30} = 62.129.50.20,85.135.32.100
FF - ProfilePath - e:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\5ei0sppd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT17505 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - plugin: e:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: e:\program files\sdasdas\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
e:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 08:56
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spwv.sys >>UNKNOWN [0x86D92938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28
\Driver\ACPI -> ACPI.sys @ 0xf7245cb8
\Driver\atapi -> prosync1.sys @ 0xf798f6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xf70e3bb0
PacketIndicateHandler -> NDIS.sys @ 0xf70f0a21
SendHandler -> NDIS.sys @ 0xf70ce87b
user & kernel MBR OK
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1060)
e:\windows\system32\Ati2evxx.dll
e:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
- - - - - - - > 'lsass.exe'(1116)
e:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3872)
e:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
e:\windows\system32\lpad32.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
e:\windows\system32\Ati2evxx.exe
e:\windows\system32\Ati2evxx.exe
e:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\Hotspot Shield\bin\openvpnas.exe
e:\program files\Hotspot Shield\HssWPR\hsssrv.exe
e:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
e:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
e:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
e:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
e:\progra~1\MI3AA1~1\rapimgr.exe
e:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
e:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
e:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Celkový čas: 2009-12-06 09:01 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-12-06 08:00
ComboFix2.txt 2009-12-05 20:37
ComboFix3.txt 2009-12-05 19:29
Před spuštěním: Volných bajtů: 15 159 042 048
Po spuštění: Volných bajtů: 15 118 868 480
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 5F78D8F23AF3E36DEF8ACCC73E8E3F2F
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti