Please check my log and advise - services.exe


Post by Avivaz » 03 Jan 2008 13:46

Hello,

I need advice on how to get rid of a virus, or whatever it is that I have on my computer. A short while after the computer is switched on, the classic message appears saying that services.exe has encountered a problem, and when I click "Don't send", a countdown starts and after a minute the computer shuts down (restarts). My solution has been a hard restart via the reset button, sometimes even 3 times in a row... after Windows has loaded, of course; after that the error no longer pops up, but after the next restart it appears again. Below is the log from HiJackThis. I don't understand it at all and would be glad if someone who knows their way around it could advise me what to do and how, so that I can get rid of this, or what to install, reinstall, etc...

Thanks in advance, Avi

PS: I don't use IE

***********************************************
Logfile of HijackThis v1.99.1
Scan saved at 13:05:48, on 3.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
E:\Program Files\Corel\Graphics9\Register\Remind32.exe
E:\WINDOWS\system32\devldr32.exe
E:\Program Files\Common Files\Teleca Shared\Generic.exe
E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Spyware Terminator\sp_rsser.exe
E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
E:\Program Files\Trillian\trillian.exe
E:\Program Files\teamspeak2_RC2\TeamSpeak.exe
C:\games\CzechRO\czexe.exe
c:\games\CzechRO\RO_MF.bin
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\totalcmd\TOTALCMD.EXE
D:\Programy\Antiviry\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serial99.com/?a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Serial99.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 81.25.16.252 L2authd.lineage2.com
O1 - Hosts: 81.25.16.252 l2testauthd.lineage2.com
O1 - Hosts: 193.93.75.202 l2authd.lineage2.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [OpwareSE2] "E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Launch LGDCore] "E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Reminder-cor40212.lnk = E:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - E:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Post by paul27 » 03 Jan 2008 17:55

Well, the log is fine. Rather than viruses, I would put this down to an error in the operating system; have you tried repairing it from a bootable CD?

But just so you can't complain, also post a log from ComboFix:

Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

run the application under an account with administrator privileges - a license agreement follows, press the 1 key to continue - the scan begins (the whole thing takes approx. 5-10 minutes, sometimes a little longer) - during the scan do not try to launch any other applications and do not click into the ComboFix window - when it finishes, a Notepad window opens automatically with text, which you copy here using the familiar keyboard shortcuts Ctrl + A (select all text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text) - and wait for further instructions


Post by Avivaz » 05 Jan 2008 02:25

Here is the requested log from ComboFix
***********************************************************************
ComboFix 08-01-05.1 - Avivaz 2008-01-05 2:14:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1497 [GMT 1:00]
Running from: E:\Documents and Settings\Avivaz\Plocha\combofix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Avivaz\Data aplikací\macromedia\Flash Player\#SharedObjects\XUXN37D9\iforex.com
E:\Documents and Settings\Avivaz\Data aplikací\macromedia\Flash Player\#SharedObjects\XUXN37D9\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
E:\Documents and Settings\Avivaz\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
E:\Documents and Settings\Avivaz\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
E:\WINDOWS\regedit.com
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\taskmgr.com
E:\WINDOWS\system32\xpdx.sys
E:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-05 02:13 . 2000-08-31 08:00 51,200 --a------ E:\WINDOWS\NirCmd.exe
2008-01-05 02:01 . 2008-01-05 02:01 <DIR> d--h----- E:\WINDOWS\PIF
2008-01-01 19:41 . 2008-01-01 19:43 <DIR> d-------- E:\Program Files\GameShadow
2007-12-25 18:07 . 2007-10-12 15:14 3,734,536 --a------ E:\WINDOWS\system32\d3dx9_36.dll
2007-12-25 18:07 . 2007-10-12 15:14 1,374,232 --a------ E:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-25 18:07 . 2007-10-02 09:56 444,776 --a------ E:\WINDOWS\system32\d3dx10_36.dll
2007-12-25 18:07 . 2007-10-22 03:39 267,272 --a------ E:\WINDOWS\system32\xactengine2_10.dll
2007-12-25 18:06 . 2007-12-25 18:06 <DIR> d--h----- E:\WINDOWS\msdownld.tmp
2007-12-25 18:06 . 2008-01-03 13:33 <DIR> d-------- E:\WINDOWS\LastGood
2007-12-25 18:06 . 2007-07-19 18:14 3,727,720 --a------ E:\WINDOWS\system32\d3dx9_35.dll
2007-12-25 18:06 . 2007-07-19 18:14 1,358,192 --a------ E:\WINDOWS\system32\D3DCompiler_35.dll
2007-12-25 18:06 . 2007-07-19 18:14 444,776 --a------ E:\WINDOWS\system32\d3dx10_35.dll
2007-12-25 18:06 . 2007-07-20 00:57 267,112 --a------ E:\WINDOWS\system32\xactengine2_9.dll
2007-12-25 17:39 . 2007-12-25 17:40 <DIR> d-------- E:\Program Files\Common Files\AVSMedia
2007-12-25 17:39 . 2003-05-22 00:50 82,944 --a------ E:\WINDOWS\system32\vct3216.acm
2007-12-25 17:39 . 2004-02-04 22:11 81,920 --a------ E:\WINDOWS\system32\AC3ACM.acm
2007-12-25 17:39 . 2003-05-22 00:50 38,912 --a------ E:\WINDOWS\system32\alf2cd.acm
2007-12-25 17:39 . 2000-03-14 21:55 13,239 --a------ E:\WINDOWS\system32\Scg726.acm
2007-12-25 17:38 . 2007-12-25 17:40 <DIR> d-------- E:\Program Files\AVSMedia
2007-12-25 17:38 . 2003-05-22 00:50 1,700,352 --a------ E:\WINDOWS\system32\GdiPlus.dll
2007-12-25 17:38 . 2003-05-22 13:26 638,976 --a------ E:\WINDOWS\system32\divx.dll
2007-12-25 17:38 . 2003-05-22 00:50 261,632 --a------ E:\WINDOWS\system32\mcdvd_32.dll
2007-12-25 17:38 . 2003-05-22 13:26 221,215 --a------ E:\WINDOWS\system32\divxdec.ax
2007-12-25 17:38 . 2003-05-22 00:50 156,910 --a------ E:\WINDOWS\WMSysPr8.prx
2007-12-20 10:56 . 2007-12-20 10:56 278,728 --a------ E:\WINDOWS\system32\drivers\atksgt.sys
2007-12-20 10:56 . 2007-12-20 10:56 25,416 --a------ E:\WINDOWS\system32\drivers\lirsgt.sys
2007-12-20 10:48 . 2007-12-20 10:49 <DIR> d-------- E:\Program Files\DAEMON Tools Lite
2007-12-17 15:32 . 2007-12-17 15:32 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2007-12-17 15:32 . 2007-12-17 15:32 1,409 --a------ E:\WINDOWS\QTFont.for
2007-12-14 16:52 . 2007-12-23 12:26 <DIR> d-------- E:\Program Files\DC++
2007-12-10 20:11 . 2007-12-10 20:11 <DIR> d-------- E:\Program Files\MagicISO
2007-12-07 19:23 . 2007-12-08 13:40 <DIR> d-------- E:\Trilianthemes
2007-12-07 18:56 . 2007-12-07 18:56 219,648 --a--c--- E:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-07 18:27 . 2007-12-08 20:47 <DIR> d-------- E:\XPthemes
2007-12-07 18:11 . 2007-12-07 18:12 <DIR> d-------- E:\Documents and Settings\Avivaz\dwhelper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 01:12 --------- d-----w E:\Program Files\Trillian
2008-01-05 00:09 --------- d-----w E:\Program Files\Spyware Terminator
2008-01-03 15:57 --------- d-----w E:\Program Files\Azureus
2008-01-01 18:33 --------- d--h--w E:\Program Files\InstallShield Installation Information
2007-12-26 19:48 22,328 ----a-w E:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-26 19:48 103,736 ----a-w E:\WINDOWS\system32\PnkBstrB.exe
2007-12-22 16:43 35,525 ----a-w E:\WINDOWS\system32\drivers\fwdrv.err
2007-12-20 09:55 --------- d-----w E:\Program Files\Xvid
2007-12-20 09:45 715,248 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 21:40 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
2007-12-07 17:57 219,648 ----a-w E:\WINDOWS\system32\uxtheme.dll
2007-12-04 05:03 66,872 ----a-w E:\WINDOWS\system32\PnkBstrA.exe
2007-12-01 15:58 --------- d-----w E:\Program Files\STORMWARE
2007-12-01 15:58 --------- d-----w E:\Program Files\Common Files\STORMWARE Shared
2007-11-23 14:22 --------- d-----w E:\Program Files\Alien Skin
2007-11-20 02:05 --------- d-----w E:\Program Files\URUSoft
2007-11-14 22:14 33,952 ----a-w E:\WINDOWS\system32\drivers\oreans32.sys
2007-11-11 11:10 --------- d-----w E:\Program Files\Sony Ericsson
2007-11-11 11:10 --------- d-----w E:\Program Files\Common Files\Teleca Shared
2007-11-08 15:56 --------- d-----w E:\Program Files\AV Vcs 4.0 DIAMOND
2007-11-08 15:17 30,728 ----a-w E:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-08 15:10 27,656 ----a-w E:\WINDOWS\system32\drivers\easdrv.sys
2007-11-08 15:09 33,800 ----a-w E:\WINDOWS\system32\drivers\eamon.sys
2007-10-22 02:37 17,928 ----a-w E:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-18 15:56 15,600 ----a-w E:\WINDOWS\gdrv.sys
2007-08-20 10:02 61 --sh--w E:\WINDOWS\cnerolf.dat
2007-07-18 11:47 894,947 --sh--w E:\WINDOWS\system32\lnnmp.bak1
2007-07-19 07:35 890,665 --sh--w E:\WINDOWS\system32\lnnmp.bak2
2007-08-05 18:08 7,455 --sh--w E:\WINDOWS\system32\lnnmp.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"AlcoholAutomount"="E:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:27 219520]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="E:\WINDOWS\JM\JMInsIDE.exe" [2006-10-31 05:44 36864]
"36X Raid Configurer"="E:\WINDOWS\System32\JMRaidSetup.exe" [2006-11-17 02:05 1953792]
"OpwareSE2"="E:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 10:25 257088]
"AtiPTA"="atiptaxx.exe" [2006-02-22 01:05 344064 E:\WINDOWS\system32\atiptaxx.exe]
"Launch LGDCore"="E:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 02:22 1126400]
"WinFast Schedule"="E:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2005-05-04 16:51 282624]
"SpywareTerminator"="E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-28 09:48 2778112]
"Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"egui"="E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-08 16:13 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

R1 atitray;atitray;E:\Program Files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [2006-11-30 08:05]
R1 epfwtdir;epfwtdir;E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-08 16:17]
R1 fwdrv;Firewall Driver;E:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 09:51]
R1 khips;Kerio HIPS Driver;E:\WINDOWS\system32\drivers\khips.sys [2005-05-30 08:32]
R1 oreans32;oreans32;E:\WINDOWS\system32\drivers\oreans32.sys [2007-11-14 23:14]
R1 sp_rsdrv2;Spyware Terminator Driver 2;E:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-08-28 09:48]
R2 BT848;WinFast TV2000 XP WDM Video Capture;E:\WINDOWS\system32\drivers\wf2kvcap.sys [2003-01-27 05:30]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;E:\WINDOWS\system32\drivers\wf2ktunr.sys [2003-01-27 05:30]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;E:\WINDOWS\system32\drivers\wf2kxbar.sys [2003-01-27 05:30]
R2 vnccom;vnccom;E:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 12:22]
R3 PSched;Plánovač paketů technologie QoS;E:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
R3 vncdrv;vncdrv;E:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 12:22]
R3 WFIOCTL;WFIOCTL;E:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 15:55]
S3 gdrv;gdrv;E:\WINDOWS\gdrv.sys [2007-10-18 16:56]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);E:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;E:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 12:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;E:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 12:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);E:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);E:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;E:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);E:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 12:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f63434-aee0-11dc-b43f-0016e6dcc5af}]
\Shell\AutoRun\command - G:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 02:20:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 2:22:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 01:22:36
.
2007-08-15 20:29:57 --- E O F ---

