Prosím o kontrolu 2 os
1. windows xp professional czech sp2 - problém
2. windows xp professional english sp3 - pro jistotu jestly nejsou provázaný
prosím o kontrolu Vyřešeno
prosím o kontrolu
Naposledy upravil(a) vashut dne 30 dub 2008 18:32, celkem upraveno 3 x.
uživatel odstaven
win xp cz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:01, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSWin-2126988477.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: MSWSC2 - C:\WINDOWS\SYSTEM32\msxmfuq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
--
End of file - 7226 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:28:01, on 15.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSWin-2126988477.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: MSWSC2 - C:\WINDOWS\SYSTEM32\msxmfuq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
--
End of file - 7226 bytes
Naposledy upravil(a) vashut dne 16 bře 2008 12:34, celkem upraveno 1 x.
uživatel odstaven
win xp en
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:57, on 15.3.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - D:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - D:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 4540 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:57, on 15.3.2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - D:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - D:\Program Files\Cole2k Media Toolbar\v3.3.0.1\Cole2k_Media_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 4540 bytes
uživatel odstaven
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
použij u českýxh xpéček sdfix
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt+ pošli nový HJT log.
.........................................
druhý log je v pořádku-nevidím žádné zabezpečení!
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj. pokud ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt+ pošli nový HJT log.
.........................................
druhý log je v pořádku-nevidím žádné zabezpečení!
Re: Prosím o kontrolu
tady je SDFix:
SDFix: Version 1.158
Run by Vaçek on Łt 18.03.2008 at 12:50
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\213.TMP - Deleted
C:\214.TMP - Deleted
C:\215.TMP - Deleted
C:\216.TMP - Deleted
C:\217.TMP - Deleted
C:\218.TMP - Deleted
C:\219.TMP - Deleted
C:\21A.TMP - Deleted
C:\21B.TMP - Deleted
C:\21C.TMP - Deleted
C:\21D.TMP - Deleted
C:\21E.TMP - Deleted
C:\21F.TMP - Deleted
C:\220.TMP - Deleted
C:\221.TMP - Deleted
C:\222.TMP - Deleted
C:\WINDOWS\SYSTEM32\MSXMFUQ.DLL - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\Px.ax - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 13:04:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 2 Oct 1995 93,366 ..SH. --- "C:\COMMAND.COM"
Tue 17 Apr 2007 322,560 A..H. --- "C:\Braçule\kolektivnˇ smlouva\~WRL3391.tmp"
Tue 17 Apr 2007 322,560 A..H. --- "C:\Braçule\kolektivnˇ smlouva\~WRL4073.tmp"
Thu 18 Oct 2007 122,880 A..H. --- "C:\disk - mini\disk - çkola\~WRL0974.tmp"
Tue 22 May 2007 26,624 A..H. --- "C:\disk - mini\disk - çkola\~WRL3653.tmp"
Thu 7 Jul 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 7 Jul 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Thu 7 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Jul 2005 20 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv1lic.bak"
Thu 7 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv1key.bak"
Thu 7 Jul 2005 1,536 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv2lic.bak"
Thu 7 Jul 2005 312 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv2key.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 31 Aug 2006 117,248 A..H. --- "C:\mark‚ty flash\ZbynŘk-pr ce\Stavebnˇ denˇky\~WRL2047.tmp"
Thu 7 Jul 2005 20 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv1lic.bak"
Thu 7 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv1key.bak"
Thu 7 Jul 2005 400 A.SH. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv2key.bak"
Fri 12 May 2006 854,528 A.SHR --- "C:\Documents and Settings\Vaçek\Local Settings\Data aplikacˇ\TouchStoneSoftware\rwres32.dll"
Sun 16 Mar 2008 165,232 A..H. --- "C:\Documents and Settings\Vaçek\Data aplikacˇ\Microsoft\Virtual PC\VPCKeyboard.dll"
Finished!
a tady HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:16, on 18.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSWin-2126988477.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
--
End of file - 7501 bytes
...............
musím tam ještě shazovat tcpsvcs.exe bere 97% cpu
nedávno jsem tady byl
http://www.pc-help.cz/viewtopic.php?f=70&t=24935
problém není v USB ale s netem jakmile mám povolený cokoliv co souvisí s připojenim (usb a k nemu modem nebo lan) tak padá jinak ne.
....................................................................
v 2. os nejsou ochrany, protože ho používám jako ladící systém když tenhle padá
navíc ještě není legální a hodlám ho smazat (nebo legalizovat ještě úplně nevím), až tenhle bude funkční.
SDFix: Version 1.158
Run by Vaçek on Łt 18.03.2008 at 12:50
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\213.TMP - Deleted
C:\214.TMP - Deleted
C:\215.TMP - Deleted
C:\216.TMP - Deleted
C:\217.TMP - Deleted
C:\218.TMP - Deleted
C:\219.TMP - Deleted
C:\21A.TMP - Deleted
C:\21B.TMP - Deleted
C:\21C.TMP - Deleted
C:\21D.TMP - Deleted
C:\21E.TMP - Deleted
C:\21F.TMP - Deleted
C:\220.TMP - Deleted
C:\221.TMP - Deleted
C:\222.TMP - Deleted
C:\WINDOWS\SYSTEM32\MSXMFUQ.DLL - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\Px.ax - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 13:04:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\WINDOWS\\System32\\mmc.exe"="C:\\WINDOWS\\System32\\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 2 Oct 1995 93,366 ..SH. --- "C:\COMMAND.COM"
Tue 17 Apr 2007 322,560 A..H. --- "C:\Braçule\kolektivnˇ smlouva\~WRL3391.tmp"
Tue 17 Apr 2007 322,560 A..H. --- "C:\Braçule\kolektivnˇ smlouva\~WRL4073.tmp"
Thu 18 Oct 2007 122,880 A..H. --- "C:\disk - mini\disk - çkola\~WRL0974.tmp"
Tue 22 May 2007 26,624 A..H. --- "C:\disk - mini\disk - çkola\~WRL3653.tmp"
Thu 7 Jul 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu 7 Jul 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Thu 7 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Jul 2005 20 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv1lic.bak"
Thu 7 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv1key.bak"
Thu 7 Jul 2005 1,536 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv2lic.bak"
Thu 7 Jul 2005 312 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\drmv2key.bak"
Mon 20 Oct 2003 73,688 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Sat 24 Jan 2004 5,120 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Thu 31 Aug 2006 117,248 A..H. --- "C:\mark‚ty flash\ZbynŘk-pr ce\Stavebnˇ denˇky\~WRL2047.tmp"
Thu 7 Jul 2005 20 A..H. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv1lic.bak"
Thu 7 Jul 2005 4,348 ...H. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv1key.bak"
Thu 7 Jul 2005 400 A.SH. --- "C:\Documents and Settings\Vaçek\Dokumenty\Filmy\drmv2key.bak"
Fri 12 May 2006 854,528 A.SHR --- "C:\Documents and Settings\Vaçek\Local Settings\Data aplikacˇ\TouchStoneSoftware\rwres32.dll"
Sun 16 Mar 2008 165,232 A..H. --- "C:\Documents and Settings\Vaçek\Data aplikacˇ\Microsoft\Virtual PC\VPCKeyboard.dll"
Finished!
a tady HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:16, on 18.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSWin-2126988477.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PCSuiteForNokia7650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia7650 TS.lnk = ?
O4 - Global Startup: Akcelerátor spuštění AutoCADu.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
--
End of file - 7501 bytes
...............
musím tam ještě shazovat tcpsvcs.exe bere 97% cpu
nedávno jsem tady byl
http://www.pc-help.cz/viewtopic.php?f=70&t=24935
problém není v USB ale s netem jakmile mám povolený cokoliv co souvisí s připojenim (usb a k nemu modem nebo lan) tak padá jinak ne.
....................................................................
v 2. os nejsou ochrany, protože ho používám jako ladící systém když tenhle padá
navíc ještě není legální a hodlám ho smazat (nebo legalizovat ještě úplně nevím), až tenhle bude funkční.
uživatel odstaven
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
na druhý OS sem již zapoměl
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
na druhý OS sem již zapoměl
Re: Prosím o kontrolu
tady je ComboFix
ComboFix 08-03-17.1 - Vašek 2008-03-18 14:27:52.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.198 [GMT 1:00]
Running from: C:\Documents and Settings\Vašek\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-18 12:50 . 2004-08-17 15:49 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-03-18 12:49 . 2008-03-18 12:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-18 12:43 . 2008-03-16 06:19 <DIR> d-------- C:\SDFix
2008-03-18 12:33 . 2008-03-18 12:34 1,413,305 --a------ C:\SDFix.exe
2008-03-16 18:32 . 2001-08-23 13:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2008-03-15 17:21 . 2008-03-15 17:21 <DIR> d-------- C:\Program Files\Comodo
2008-03-15 17:16 . 2008-03-15 17:16 42,418 --a------ C:\cc_20080315_1716.reg
2008-03-15 15:10 . 2008-03-15 15:10 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-03-15 15:06 . 2008-03-15 15:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-14 16:23 . 2008-03-14 16:23 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-13 17:45 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-13 17:45 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-03-11 18:38 . 2008-03-11 18:38 <DIR> d-------- C:\4 jirka
2008-03-11 16:49 . 2008-03-11 16:49 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-03-09 09:50 . 2008-03-09 09:50 <DIR> d-------- C:\disk - mini
2008-03-08 15:21 . 2008-03-08 15:21 <DIR> d-------- C:\mark‚ty flash
2008-03-07 16:44 . 2008-03-07 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-07 16:39 . 2008-03-07 16:39 <DIR> d-------- C:\Program Files\TouchStoneSoftware
2008-03-07 16:17 . 2008-03-07 16:17 <DIR> d-------- C:\Vdefs
2008-03-07 14:41 . 2008-03-07 14:41 <DIR> d-------- C:\4 vista
2008-03-07 14:17 . 2008-03-07 14:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-07 14:17 . 2008-03-07 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\HP Product Assistant
2008-03-07 14:15 . 2008-03-12 20:53 157,597 --a------ C:\WINDOWS\hpoins14.dat
2008-03-07 14:15 . 2007-06-06 00:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-03-06 21:30 . 2008-03-06 21:30 832 --a------ C:\cc_20080306_2130.reg
2008-03-05 18:46 . 2008-03-05 18:46 <DIR> d-------- C:\zalohaD
2008-03-05 16:48 . 2008-03-05 16:48 <DIR> d-------- C:\!wassup
2008-03-04 19:48 . 2008-03-04 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Avg7
2008-03-04 18:06 . 2008-03-04 18:06 <DIR> d-------- C:\HijackThis
2008-03-04 16:35 . 2008-03-04 16:32 300,048 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-04 16:35 . 2008-03-04 16:32 245,760 --a------ C:\WINDOWS\system32\imon.dll
2008-03-04 16:35 . 2008-03-04 16:32 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2008-03-04 16:35 . 2008-03-04 16:35 442 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-03-04 16:31 . 2008-03-04 16:31 <DIR> d-------- C:\Program Files\ESET
2008-03-04 15:02 . 2008-03-04 15:03 28,816 --a------ C:\cc_20080304_1502.reg
2008-03-04 14:54 . 2008-03-04 14:54 <DIR> d-------- C:\Program Files\RegCleaner
2008-03-04 14:54 . 2008-03-04 14:54 <DIR> d-------- C:\Program Files\CCleaner
2008-03-03 17:24 . 2004-08-17 15:49 14,336 --a------ C:\WINDOWS\system32\Copy of svchost.exe
2008-03-02 17:42 . 2008-03-02 17:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-02 17:42 . 2004-08-17 15:49 35,840 --a------ C:\WINDOWS\system32\iprip.dll
2008-03-02 17:42 . 2004-08-17 15:49 35,840 --a------ C:\WINDOWS\system32\dllcache\iprip.dll
2008-03-02 17:37 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002379_.tmp
2008-03-02 17:32 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-02 17:28 . 2008-03-02 17:28 <DIR> d-------- C:\WINDOWS\EHome
2008-02-29 14:21 . 2008-02-29 14:23 628,736 --a------ C:\BOOTCD.ISO
2008-02-29 13:25 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-29 13:25 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-29 13:25 . 2004-08-17 15:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-29 13:25 . 2004-08-17 15:49 75,264 --a------ C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-29 13:25 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-29 13:25 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-29 13:25 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-02-29 13:25 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-02-28 14:57 . 2001-09-20 12:00 926,720 --a------ C:\WINDOWS\system32\Copy of KERNEL32.DLL
2008-02-27 20:22 . 2008-02-27 20:22 16,384 --a------ C:\Yuh-huh.exe
2008-02-27 13:18 . 2008-02-27 13:18 <DIR> d-------- C:\bckup
2008-02-26 21:48 . 2008-02-26 21:48 82,186 --a------ C:\WINDOWS\system32\dwwin.rar
2008-02-25 17:23 . 2008-02-25 17:23 <DIR> d--hs---- C:\FOUND.019
2008-02-25 17:07 . 2008-02-25 17:07 29 --a------ C:\WINDOWS\system32\uwdfdsui.tmp
2008-02-24 12:02 . 2008-02-24 12:02 <DIR> d-------- C:\Sound Driver
2008-02-24 12:00 . 2008-02-24 12:00 26,781,918 --a------ C:\Sound Driver.zip
2008-02-24 11:45 . 2008-02-24 11:45 <DIR> d-------- C:\WDM_R167
2008-02-24 11:32 . 2008-02-24 11:32 19,309,156 --a------ C:\Cole2k.Media.-.Codec.Pack.V6.1.0.-Advanced-.32Bit.Setup.exe
2008-02-24 11:25 . 2008-02-24 11:25 25,713,417 --a------ C:\WDM_R167.zip
2008-02-24 00:05 . 2008-02-24 00:05 352,430,632 --a------ C:\windowsxp-kb936929-sp3-x86-enu.exe
2008-02-23 15:48 . 2001-09-13 17:55 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-02-23 15:48 . 2001-08-17 21:52 47,488 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2008-02-23 14:55 . 2008-02-23 14:55 <DIR> d-------- C:\4A-Semin rka
2008-02-22 17:37 . 2001-09-17 10:28 71,168 --------- C:\WINDOWS\system32\storprop.dll
2008-02-22 17:37 . 2001-09-13 17:37 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 12:42 --------- d-----w C:\Program Files\HHVcdV5Sys
2008-02-02 19:35 --------- d-----w C:\Program Files\URUSoft
2008-01-30 13:06 --------- d-----w C:\Program Files\SyberStart ScreenCopy
2008-01-30 13:03 --------- d-----w C:\Program Files\DemoStudio
2008-01-26 13:52 --------- d-----w C:\Program Files\Avidemux 2.4
2008-01-26 13:28 --------- d-----w C:\Program Files\SMPlayer
2007-10-10 18:25 1,663,596,490 ----a-w C:\Program Files\Mafia.rar
2007-10-10 17:41 715,467,541 ----a-w C:\Program Files\Kobra 11 Nitro.rar
2007-02-11 10:16 5,981,974 ----a-w C:\Program Files\Pcsx2.rar
2007-01-27 19:09 860 ----a-w C:\Program Files\Project1.vbp
2007-01-27 19:09 132 ----a-w C:\Program Files\Project1.vbw
2007-01-27 19:06 253,952 ----a-w C:\Program Files\Project1.exe
2007-01-27 19:05 7,713 ----a-w C:\Program Files\UserForm2.frm
2007-01-27 19:05 218,478 ----a-w C:\Program Files\UserForm2.DCA
2007-01-27 19:05 213,528 ----a-w C:\Program Files\UserForm2.dsx
2007-01-27 19:05 175 ----a-w C:\Program Files\Module1.bas
2007-01-27 18:46 764 ----a-w C:\Program Files\UserForm1.frm
2007-01-27 18:46 3,096 ----a-w C:\Program Files\UserForm1.frx
2007-01-27 18:46 213,528 ----a-w C:\Program Files\UserForm2.frx
2006-03-05 17:09 1,617 ----a-w C:\Program Files\INSTALL.LOG
2005-12-10 11:04 691,372,032 ----a-w C:\Program Files\MYISO.ISO
2004-12-27 13:29 48,128 --sha-w C:\Program Files\Thumbs.db
.
------- Sigcheck -------
2007-12-01 00:26 14336 0c82b0ae50bb2bc8a96a753f4edc495f C:\WINDOWS\system32\svchost.exe
2001-09-20 12:00 12800 c3a0ef5ef2db54843c53077372508a0a C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-17 15:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\ServicePackFiles\i386\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:49 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-22 14:38 171448]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 15:15 816368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-24 09:49 98304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 09:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 09:50 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-04 16:32 819200]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-15 19:20 1115728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1394:TCP"= 1394:TCP:BitComet 1394 TCP
"1394:UDP"= 1394:UDP:BitComet 1394 UDP
"18667:TCP"= 18667:TCP:BitComet 18667 TCP
"18667:UDP"= 18667:UDP:BitComet 18667 UDP
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
R1 vbev5mp;vbev5mp;C:\WINDOWS\system32\DRIVERS\vbev5mp.sys [2003-11-12 08:26]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys []
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-06-15 10:01]
S3 alihub;Generic Hub on USB 2.0 Bus;C:\WINDOWS\system32\DRIVERS\AliHub.sys []
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys []
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-06-15 10:01]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2008-03-07 16:44]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 14:35:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iprip]
"ServiceDll"="%SystemRoot%\System32\iprip.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-03-18 14:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 13:45:48
..........................................
on tam možná v tu dobu ten 2. os nebyl
nekde jsi to nekomu psal, že když má 2os tak má sem dát logy z obou dvou os takže bych ho sem dal.
ComboFix 08-03-17.1 - Vašek 2008-03-18 14:27:52.1 - FAT32x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.198 [GMT 1:00]
Running from: C:\Documents and Settings\Vašek\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.
2008-03-18 12:50 . 2004-08-17 15:49 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-03-18 12:49 . 2008-03-18 12:49 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-18 12:43 . 2008-03-16 06:19 <DIR> d-------- C:\SDFix
2008-03-18 12:33 . 2008-03-18 12:34 1,413,305 --a------ C:\SDFix.exe
2008-03-16 18:32 . 2001-08-23 13:00 18,944 --a------ C:\WINDOWS\system32\simptcp.dll
2008-03-15 17:21 . 2008-03-15 17:21 <DIR> d-------- C:\Program Files\Comodo
2008-03-15 17:16 . 2008-03-15 17:16 42,418 --a------ C:\cc_20080315_1716.reg
2008-03-15 15:10 . 2008-03-15 15:10 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-03-15 15:06 . 2008-03-15 15:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-14 16:23 . 2008-03-14 16:23 <DIR> d-------- C:\Program Files\Microsoft Virtual PC
2008-03-13 17:45 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-13 17:45 . 2004-08-03 22:31 20,992 --a------ C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-03-11 18:38 . 2008-03-11 18:38 <DIR> d-------- C:\4 jirka
2008-03-11 16:49 . 2008-03-11 16:49 <DIR> d-------- C:\Program Files\NeoSmart Technologies
2008-03-09 09:50 . 2008-03-09 09:50 <DIR> d-------- C:\disk - mini
2008-03-08 15:21 . 2008-03-08 15:21 <DIR> d-------- C:\mark‚ty flash
2008-03-07 16:44 . 2008-03-07 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-07 16:39 . 2008-03-07 16:39 <DIR> d-------- C:\Program Files\TouchStoneSoftware
2008-03-07 16:17 . 2008-03-07 16:17 <DIR> d-------- C:\Vdefs
2008-03-07 14:41 . 2008-03-07 14:41 <DIR> d-------- C:\4 vista
2008-03-07 14:17 . 2008-03-07 14:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-07 14:17 . 2008-03-07 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\HP Product Assistant
2008-03-07 14:15 . 2008-03-12 20:53 157,597 --a------ C:\WINDOWS\hpoins14.dat
2008-03-07 14:15 . 2007-06-06 00:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-03-06 21:30 . 2008-03-06 21:30 832 --a------ C:\cc_20080306_2130.reg
2008-03-05 18:46 . 2008-03-05 18:46 <DIR> d-------- C:\zalohaD
2008-03-05 16:48 . 2008-03-05 16:48 <DIR> d-------- C:\!wassup
2008-03-04 19:48 . 2008-03-04 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Avg7
2008-03-04 18:06 . 2008-03-04 18:06 <DIR> d-------- C:\HijackThis
2008-03-04 16:35 . 2008-03-04 16:32 300,048 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-03-04 16:35 . 2008-03-04 16:32 245,760 --a------ C:\WINDOWS\system32\imon.dll
2008-03-04 16:35 . 2008-03-04 16:32 114,688 --a------ C:\WINDOWS\system32\nms32.dll
2008-03-04 16:35 . 2008-03-04 16:35 442 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-03-04 16:31 . 2008-03-04 16:31 <DIR> d-------- C:\Program Files\ESET
2008-03-04 15:02 . 2008-03-04 15:03 28,816 --a------ C:\cc_20080304_1502.reg
2008-03-04 14:54 . 2008-03-04 14:54 <DIR> d-------- C:\Program Files\RegCleaner
2008-03-04 14:54 . 2008-03-04 14:54 <DIR> d-------- C:\Program Files\CCleaner
2008-03-03 17:24 . 2004-08-17 15:49 14,336 --a------ C:\WINDOWS\system32\Copy of svchost.exe
2008-03-02 17:42 . 2008-03-02 17:42 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-02 17:42 . 2004-08-17 15:49 35,840 --a------ C:\WINDOWS\system32\iprip.dll
2008-03-02 17:42 . 2004-08-17 15:49 35,840 --a------ C:\WINDOWS\system32\dllcache\iprip.dll
2008-03-02 17:37 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002379_.tmp
2008-03-02 17:32 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-02 17:28 . 2008-03-02 17:28 <DIR> d-------- C:\WINDOWS\EHome
2008-02-29 14:21 . 2008-02-29 14:23 628,736 --a------ C:\BOOTCD.ISO
2008-02-29 13:25 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2008-02-29 13:25 . 2004-08-03 23:08 142,976 --a------ C:\WINDOWS\system32\dllcache\usbport.sys
2008-02-29 13:25 . 2004-08-17 15:49 75,264 --a------ C:\WINDOWS\system32\usbui.dll
2008-02-29 13:25 . 2004-08-17 15:49 75,264 --a------ C:\WINDOWS\system32\dllcache\usbui.dll
2008-02-29 13:25 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2008-02-29 13:25 . 2004-08-03 23:08 57,600 --a------ C:\WINDOWS\system32\dllcache\usbhub.sys
2008-02-29 13:25 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-02-29 13:25 . 2004-08-03 23:08 17,024 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-02-28 14:57 . 2001-09-20 12:00 926,720 --a------ C:\WINDOWS\system32\Copy of KERNEL32.DLL
2008-02-27 20:22 . 2008-02-27 20:22 16,384 --a------ C:\Yuh-huh.exe
2008-02-27 13:18 . 2008-02-27 13:18 <DIR> d-------- C:\bckup
2008-02-26 21:48 . 2008-02-26 21:48 82,186 --a------ C:\WINDOWS\system32\dwwin.rar
2008-02-25 17:23 . 2008-02-25 17:23 <DIR> d--hs---- C:\FOUND.019
2008-02-25 17:07 . 2008-02-25 17:07 29 --a------ C:\WINDOWS\system32\uwdfdsui.tmp
2008-02-24 12:02 . 2008-02-24 12:02 <DIR> d-------- C:\Sound Driver
2008-02-24 12:00 . 2008-02-24 12:00 26,781,918 --a------ C:\Sound Driver.zip
2008-02-24 11:45 . 2008-02-24 11:45 <DIR> d-------- C:\WDM_R167
2008-02-24 11:32 . 2008-02-24 11:32 19,309,156 --a------ C:\Cole2k.Media.-.Codec.Pack.V6.1.0.-Advanced-.32Bit.Setup.exe
2008-02-24 11:25 . 2008-02-24 11:25 25,713,417 --a------ C:\WDM_R167.zip
2008-02-24 00:05 . 2008-02-24 00:05 352,430,632 --a------ C:\windowsxp-kb936929-sp3-x86-enu.exe
2008-02-23 15:48 . 2001-09-13 17:55 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-02-23 15:48 . 2001-08-17 21:52 47,488 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2008-02-23 14:55 . 2008-02-23 14:55 <DIR> d-------- C:\4A-Semin rka
2008-02-22 17:37 . 2001-09-17 10:28 71,168 --------- C:\WINDOWS\system32\storprop.dll
2008-02-22 17:37 . 2001-09-13 17:37 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 12:42 --------- d-----w C:\Program Files\HHVcdV5Sys
2008-02-02 19:35 --------- d-----w C:\Program Files\URUSoft
2008-01-30 13:06 --------- d-----w C:\Program Files\SyberStart ScreenCopy
2008-01-30 13:03 --------- d-----w C:\Program Files\DemoStudio
2008-01-26 13:52 --------- d-----w C:\Program Files\Avidemux 2.4
2008-01-26 13:28 --------- d-----w C:\Program Files\SMPlayer
2007-10-10 18:25 1,663,596,490 ----a-w C:\Program Files\Mafia.rar
2007-10-10 17:41 715,467,541 ----a-w C:\Program Files\Kobra 11 Nitro.rar
2007-02-11 10:16 5,981,974 ----a-w C:\Program Files\Pcsx2.rar
2007-01-27 19:09 860 ----a-w C:\Program Files\Project1.vbp
2007-01-27 19:09 132 ----a-w C:\Program Files\Project1.vbw
2007-01-27 19:06 253,952 ----a-w C:\Program Files\Project1.exe
2007-01-27 19:05 7,713 ----a-w C:\Program Files\UserForm2.frm
2007-01-27 19:05 218,478 ----a-w C:\Program Files\UserForm2.DCA
2007-01-27 19:05 213,528 ----a-w C:\Program Files\UserForm2.dsx
2007-01-27 19:05 175 ----a-w C:\Program Files\Module1.bas
2007-01-27 18:46 764 ----a-w C:\Program Files\UserForm1.frm
2007-01-27 18:46 3,096 ----a-w C:\Program Files\UserForm1.frx
2007-01-27 18:46 213,528 ----a-w C:\Program Files\UserForm2.frx
2006-03-05 17:09 1,617 ----a-w C:\Program Files\INSTALL.LOG
2005-12-10 11:04 691,372,032 ----a-w C:\Program Files\MYISO.ISO
2004-12-27 13:29 48,128 --sha-w C:\Program Files\Thumbs.db
.
------- Sigcheck -------
2007-12-01 00:26 14336 0c82b0ae50bb2bc8a96a753f4edc495f C:\WINDOWS\system32\svchost.exe
2001-09-20 12:00 12800 c3a0ef5ef2db54843c53077372508a0a C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-17 15:49 14336 dfba2915b0bf58abb288cd4c9318cb3f C:\WINDOWS\ServicePackFiles\i386\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:49 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-22 14:38 171448]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 15:15 816368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 09:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-24 09:49 98304]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-07-12 09:50 4112384]
"nwiz"="nwiz.exe" [2004-07-12 09:50 843776 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-07-12 09:50 81920]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-04 16:32 819200]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-15 19:20 1115728]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"C:\\WINDOWS\\System32\\mmc.exe"=
"D:\\Program Files\\BitComet\\BitComet.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"1394:TCP"= 1394:TCP:BitComet 1394 TCP
"1394:UDP"= 1394:UDP:BitComet 1394 UDP
"18667:TCP"= 18667:TCP:BitComet 18667 TCP
"18667:UDP"= 18667:UDP:BitComet 18667 UDP
"3587:TCP"= 3587:TCP:Skupiny sítě Peer-to-Peer
"3540:UDP"= 3540:UDP:Protokol PNRP (Peer Name Resolution Protocol)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
R1 vbev5mp;vbev5mp;C:\WINDOWS\system32\DRIVERS\vbev5mp.sys [2003-11-12 08:26]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
R3 usbhub;Ovladač standardního rozbočovače USB;C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 23:08]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 23:08]
R3 usbscan;Ovladač skeneru USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S2 ALIEHCD;ALi PCI to USB Enhanced Host Controller;C:\WINDOWS\system32\Drivers\ALIEHCI.sys []
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2005-06-15 10:01]
S3 alihub;Generic Hub on USB 2.0 Bus;C:\WINDOWS\system32\DRIVERS\AliHub.sys []
S3 aliroothub;USB 2.0 Root Hub;C:\WINDOWS\system32\DRIVERS\AliRtHub.sys []
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-06-15 10:01]
S3 p2pgasvc;Ověřování v síti skupiny rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 p2pimsvc;Správce identit sítě rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 p2psvc;Síť rovnocenných počítačů;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 PNRPSvc;Protokol PNRP;C:\WINDOWS\System32\svchost.exe [2007-12-01 00:26]
S3 TVICHW32;TVICHW32;C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [2008-03-07 16:44]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 14:35:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Iprip]
"ServiceDll"="%SystemRoot%\System32\iprip.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\imon.dll
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Nokia\PC Suite for Nokia 7650\connmngmntbox.exe
C:\Nokia\PC Suite for Nokia 7650\ectaskscheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Nokia\PCSUIT~1\BROADC~1.EXE
C:\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2008-03-18 14:45:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-18 13:45:48
..........................................
on tam možná v tu dobu ten 2. os nebyl
nekde jsi to nekomu psal, že když má 2os tak má sem dát logy z obou dvou os takže bych ho sem dal.uživatel odstaven
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
no to vim,ale vidim instalačku tak se ptám.
toto
C:\WINDOWS\system32\Copy of KERNEL32.DLL
C:\WINDOWS\system32\Copy of svchost.exe
C:\Yuh-huh.exe
C:\WINDOWS\system32\uwdfdsui.tmp
nech zkontrolovat tady http://www.virustotal.com/flash/index_en.html
nepoužívej "Procházet" ale vlož do okna celou cestu,tučně označenou,k souboru metodou Ctrl+C > Ctrl+V
toto
C:\WINDOWS\system32\Copy of KERNEL32.DLL
C:\WINDOWS\system32\Copy of svchost.exe
C:\Yuh-huh.exe
C:\WINDOWS\system32\uwdfdsui.tmp
nech zkontrolovat tady http://www.virustotal.com/flash/index_en.html
nepoužívej "Procházet" ale vlož do okna celou cestu,tučně označenou,k souboru metodou Ctrl+C > Ctrl+V
Re: Prosím o kontrolu
jj to je jasný nikdy nevíš. SP3 jsem nacpal do 2. os
zkontrolováno výsledek:
Copy_of_KERNEL32.DLL Výsledek: 2/32 (6.25%) (F-Secure, Kaspersky) (smazáno)
Copy_of_svchost.exe Výsledek: 0/32 (0%)
Yuh-huh.exe Výsledek: 0/32 (0%)
uwdfdsui.tmp Výsledek: 0/32 (0%)
pro jistotu jsem zkontroloval ještě:
svchost.exe Výsledek: 0/32 (0%)
kernel32.dll Výsledek: 1/32 (3,12%)
zkontrolováno výsledek:
Copy_of_KERNEL32.DLL Výsledek: 2/32 (6.25%) (F-Secure, Kaspersky) (smazáno)
Copy_of_svchost.exe Výsledek: 0/32 (0%)
Yuh-huh.exe Výsledek: 0/32 (0%)
uwdfdsui.tmp Výsledek: 0/32 (0%)
pro jistotu jsem zkontroloval ještě:
svchost.exe Výsledek: 0/32 (0%)
kernel32.dll Výsledek: 1/32 (3,12%)
uživatel odstaven
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu
takže internet stále padá? tak je tu další skvělí nástroj. superantispyware!
Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >
Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.
Stáhni si SUPERAntiSpyware
Nainstaluj a spusť ho a klikni na tlačítko Check for Updates...
Po provedení Update klikni na tlačítko: Scan your computer
Zvol možnost: Perform Complete Scan a klikni na tlačítko Další >
Proběhne kontrola, po skončení vypíše vše co našel.
Ujisti se že všechny položko jsou zaškrtnuty a pak zvol tlačítko Další
Pak klikni na tlačítko Finish a měl by ses dostat na úvodní obrazovku.
Tam klikni na tlačítko: Preferences... a tam zvol záložku Statistics/Logs
Tam klikni na log s dnešním datem který tam bude a dej tlačítko: View Log...
Otevře se ti Okno s logem tak jeho obsah sem zkopíruj.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 121 hostů