Log Hijackthis

[Deezer]

Dobrý den. Poprosil bych o kontrolu logu Hijackthis. Problém spočívá v tom, že najednou PC spadne a při restartu napíše hlášku "chyba při čtení z disku". Ale PC jsem kvůli podobným problémům měl na přeinstalaci a nastavení u profi firmy cca před měsícem. Takže nerozumím... Když se při resetu Biosu dostanu do windows, tak mi to napíše hlášku, že nastala chyba souboru winlogon.exe. Na netu jsem zjistil, že by to snad měl být trojan, ale neumím v tom moc chodit. Poradíte? Díky.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:10:46, on 1.1.2002
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Uživatel\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "D:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISE10DB5DAE57640EAA7FC1CB2A7B283A6_9_09_1112.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISE10DB5DAE57640EAA7FC1CB2A7B283A6_9_09_1112.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\196.21\winxp\international\PhysX_9.09.1112_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7166379218
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1EC789DE-053D-45A0-BBBB-151E9BE44E3F}: NameServer = 94.142.233.120,94.142.233.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{1EC789DE-053D-45A0-BBBB-151E9BE44E3F}: NameServer = 94.142.233.120,94.142.233.140
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - F:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9679 bytes

[Reklama]

[Damned]

winlogon.exe je systémový.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISE10DB5DAE57640EAA7FC1CB2A7B283A6_9_09_1112.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISE10DB5DAE57640EAA7FC1CB2A7B283A6_9_09_1112.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\196.21\winxp\international\PhysX_9.09.1112_SystemSoftware.exe"
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
*****************************************************************************************************************************************
Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\system32\winlogon.exe
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[Deezer]

Takze Hijackthis hotovo.


Virustotal:

http://www.virustotal.com/cs/analisis/f ... 1266797278



A log z Malware:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.2.2010 1:16:30
mbam-log-2010-02-22 (01-16-30).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 116715
Uplynulý čas: 4 minute(s), 32 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Deezer]

Zdravim,

tak tady je log z Combofixu:


ComboFix 10-02-21.02 - Uživatel 22.02.2010 9:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1354 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Data

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-22 do 2010-02-22 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 00:16 . 2010-06-22 00:13 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-22 00:12 . 2010-06-21 23:34 -------- d-----w- c:\program files\Intel
2010-06-22 00:04 . 2010-06-22 00:04 -------- d-----w- c:\program files\Realtek
2010-06-22 00:04 . 2010-06-22 00:04 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-21 23:19 . 2010-06-21 23:19 -------- d-----w- c:\program files\microsoft frontpage
2010-06-21 23:16 . 2010-06-21 23:16 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-22 08:14 . 2010-02-20 14:41 -------- d-----w- c:\program files\Steam
2010-02-22 08:13 . 2010-02-21 23:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-22 00:11 . 2010-02-22 00:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-21 19:04 . 2010-01-24 16:34 -------- d-----w- c:\program files\SpeedFan
2010-02-21 17:53 . 2007-08-02 12:00 95126 ----a-w- c:\windows\system32\perfc005.dat
2010-02-21 17:53 . 2007-08-02 12:00 469950 ----a-w- c:\windows\system32\perfh005.dat
2010-02-20 16:55 . 2010-02-20 16:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-18 14:31 . 2010-02-10 16:26 -------- d-----w- c:\program files\DOSBox-0.72
2010-02-16 20:01 . 2010-02-16 20:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-16 20:00 . 2010-02-16 20:00 -------- d-----r- c:\program files\Skype
2010-02-16 20:00 . 2010-02-16 20:00 -------- d-----w- c:\program files\Common Files\Skype
2010-02-09 22:34 . 2010-06-22 00:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-02 10:57 . 2010-02-02 10:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 14:45 . 2010-01-30 14:45 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-30 14:44 . 2010-06-22 00:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-30 14:43 . 2010-01-30 14:28 -------- d-----w- c:\program files\Common Files\BioWare
2010-01-29 18:42 . 2010-01-29 18:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-01-29 18:40 . 2010-01-29 15:25 -------- d-----w- c:\program files\Nokia
2010-01-29 18:39 . 2010-01-29 18:39 -------- d-----w- c:\program files\MSXML 6.0
2010-01-29 18:38 . 2010-01-29 18:38 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-01-29 18:38 . 2010-01-29 16:04 -------- d-----w- c:\program files\Common Files\Nokia
2010-01-29 16:15 . 2010-01-29 16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2010-01-29 16:15 . 2010-01-29 16:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2010-01-29 16:15 . 2010-01-29 16:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-29 16:15 . 2010-01-29 16:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-01-29 16:04 . 2010-01-29 15:26 -------- d-----w- c:\program files\DIFX
2010-01-29 16:04 . 2010-01-29 16:04 -------- d-----w- c:\program files\PC Connectivity Solution
2010-01-25 17:52 . 2010-01-25 17:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-25 17:35 . 2010-01-25 17:35 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-25 17:33 . 2010-01-25 17:33 -------- d-----w- c:\program files\MSXML 4.0
2010-01-25 08:37 . 2010-01-25 08:36 -------- d-----w- c:\program files\SweetIM
2010-01-25 08:34 . 2010-01-25 08:32 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 06:56 . 2010-01-25 06:38 69175 ----a-w- c:\windows\hpoins05.dat
2010-01-25 06:54 . 2010-01-25 06:54 -------- d-----w- c:\program files\Common Files\HP
2010-01-25 06:53 . 2010-01-25 06:41 -------- d-----w- c:\program files\HP
2010-01-25 06:53 . 2010-01-25 06:53 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-25 06:52 . 2010-01-25 06:52 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-01-25 00:20 . 2010-01-24 18:32 -------- d-----w- c:\program files\Microsoft Works
2010-01-24 18:31 . 2010-01-24 18:31 -------- d-----w- c:\program files\Microsoft.NET
2010-01-24 17:03 . 2010-01-24 16:27 -------- d-----w- c:\program files\NortonInstaller
2010-01-24 16:59 . 2010-01-24 16:47 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-24 16:47 . 2010-01-24 16:47 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-24 16:47 . 2010-01-24 16:47 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-24 16:47 . 2010-01-24 16:47 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-01-24 16:47 . 2010-01-24 16:47 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-24 16:47 . 2010-01-24 16:47 -------- d-----w- c:\program files\Symantec
2010-01-24 16:46 . 2010-01-24 16:46 -------- d-----w- c:\program files\Windows Sidebar
2010-01-24 16:46 . 2010-01-24 16:46 -------- d-----w- c:\program files\Norton Internet Security
2010-01-24 08:45 . 2010-01-24 08:42 -------- d-----w- c:\program files\totalcmd
2010-01-24 08:44 . 2010-01-24 08:44 -------- d-----w- c:\program files\Defraggler
2010-01-24 08:41 . 2010-01-24 08:41 -------- d-----w- c:\program files\CCleaner
2010-01-24 08:13 . 2010-01-24 07:57 -------- d-----w- c:\program files\Creative
2010-01-24 08:12 . 2010-01-23 12:43 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-24 08:12 . 2010-01-23 12:43 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-24 08:10 . 2010-01-24 08:10 -------- d--h--w- c:\program files\Creative Installation Information
2010-01-24 08:10 . 2010-01-24 08:10 -------- d-----w- c:\program files\Common Files\Creative
2010-01-23 12:39 . 2010-01-23 12:39 -------- d-----w- c:\program files\Futuremark
2010-01-22 06:21 . 2010-01-22 06:21 -------- d-----w- c:\program files\Lavalys
2010-01-22 03:47 . 2010-01-22 03:47 -------- d-----w- c:\program files\System Stability Tester
2010-01-22 03:40 . 2010-01-22 02:21 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-22 02:59 . 2010-01-22 02:59 -------- d-----w- c:\program files\MSBuild
2010-01-22 02:59 . 2010-01-22 02:59 -------- d-----w- c:\program files\Reference Assemblies
2010-01-22 02:21 . 2010-01-22 02:21 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-22 02:08 . 2010-06-21 23:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-22 02:08 . 2010-06-21 23:19 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-22 02:07 . 2010-06-21 23:19 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-01-12 04:03 . 2010-06-22 00:12 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03 . 2010-06-22 00:12 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2010-06-22 00:12 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2010-06-22 00:12 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03 . 2010-06-22 00:12 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03 . 2010-06-22 00:12 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2010-06-22 00:12 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2010-06-22 00:12 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2010-06-22 00:12 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03 . 2010-06-22 00:12 1081344 ----a-w- c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2010-06-22 00:12 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2010-06-22 00:12 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-07 15:07 . 2010-02-22 00:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-22 00:11 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2007-08-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-25 16:50 . 2010-06-22 00:04 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-12-25 16:50 . 2010-06-22 00:04 358944 ----a-w- c:\windows\vncutil.exe
2009-12-25 16:50 . 2010-06-22 00:04 1833504 ----a-w- c:\windows\SkyTel.exe
2009-12-25 16:50 . 2010-06-22 00:04 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-12-25 16:50 . 2010-06-22 00:04 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-12-25 16:50 . 2010-06-22 00:04 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-12-25 16:50 . 2010-06-22 00:04 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-12-25 16:50 . 2010-06-22 00:04 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-12-25 16:49 . 2010-06-22 00:04 2177568 ----a-w- c:\windows\MicCal.exe
2009-12-25 16:49 . 2010-06-22 00:04 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-12-25 16:49 . 2010-06-22 00:04 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-12-25 16:26 . 2010-06-22 00:04 6039584 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-12-22 05:09 . 2009-12-22 05:09 81920 ------w- c:\windows\system32\ieencode.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-12-21 1803064]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-20 1217872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"P17Helper"="P17.dll" [2005-05-03 64512]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NokiaMusic FastStart"="d:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"f:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"f:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"f:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP_DX11.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\aliens vs predator\\AvP.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\symds.sys [24.1.2010 20:27 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\symefa.sys [24.1.2010 20:27 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100211.001\BHDrvx86.sys [11.2.2010 19:44 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [24.1.2010 20:27 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\ironx86.sys [24.1.2010 20:27 116272]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [24.1.2010 20:27 126392]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100218.001\IDSXpx86.sys [19.2.2010 22:21 329592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22.6.2010 1:04 1691480]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;f:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [30.1.2010 15:37 25832]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: {1EC789DE-053D-45A0-BBBB-151E9BE44E3F} = 94.142.233.120,94.142.233.140
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 09:23
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-22 09:24:47
ComboFix-quarantined-files.txt 2010-02-22 08:24

Před spuštěním: Volných bajtů: 49 108 504 576
Po spuštění: Volných bajtů: 49 070 288 896

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D47A359BF992981FACFDBF42E3E4D1DB