Hi folks,
I'd need someone to check my HijackThis log. I have a problem with searching on the internet (Google, ...). When I type something to search for on Google, it just keeps searching and never gets to a result. I use Opera; the only place where this isn't a problem is Explorer. But there, in turn, when I launch Explorer, a prompt pops up offering to download SuspenzorPC. I didn't download it (at least as far as I know). Thanks for any help.
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41:52, on 22.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
d:\Programy\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
d:\Programy\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
F:\Zaloha\wincmd\WINCMD32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [28ae3963] rundll32.exe "C:\WINDOWS\system32\ovaqvpyv.dll",b
O4 - HKLM\..\Run: [BM2b9d0aff] Rundll32.exe "C:\WINDOWS\system32\wytxjnlp.dll",s
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\Programy\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [international] International*
O16 - DPF: {1F831FA2-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://D:\Programy\AutoCAD LT 2000i Cz\InstFred.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Ovládací prvek AcDcToday) - file://D:\Programy\AutoCAD LT 2000i Cz\AcDcToday.ocx
O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Prvek AcPreview) - file://D:\Programy\AutoCAD LT 2000i Cz\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E630FD-96DC-4904-AA1C-EBB784A5ACA9}: NameServer = 213.194.204.126,85.132.148.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{37E630FD-96DC-4904-AA1C-EBB784A5ACA9}: NameServer = 213.194.204.126,85.132.148.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{37E630FD-96DC-4904-AA1C-EBB784A5ACA9}: NameServer = 213.194.204.126,85.132.148.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - d:\Programy\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - d:\Programy\Borland\InterBase\bin\ibserver.exe
O23 - Service: Remote Procedure Manager(TPM) (rpcm) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6893 bytes
HijackThis check
Re: HijackThis check
Download ComboFix and save it to your desktop:
Run the application under the Computer Administrator account - close all running programs (web browser, messenger, ...) - a licence agreement follows, click Yes - the scan starts (the whole thing takes roughly 5-10 minutes, sometimes a bit longer) - during the scan do not try to launch any other applications and do not click into the ComboFix window - when it finishes, a Notepad window with text opens automatically (if it does not, the log is in C:\ComboFix.txt); copy that text here using the well-known keyboard shortcuts Ctrl + A (select all text) -> Ctrl + C (copy to the clipboard) -> Ctrl + V (paste the text) - and wait for further instructions
WARNING: If you see "CRITICAL WARNING !!", you must not restart the computer; report the warning here.
WARNING 2: It is possible that during the scan various security programs will report an unauthorised attempt to delete a given file or something similar. Allow any such prompts, or completely disable the resident module of the program concerned for the duration of the scan.
Re: HijackThis check
ComboFix 08-04-20.5 - Feanor 2008-04-22 18:10:55.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.463 [GMT 2:00]
Running from: C:\Documents and Settings\Feanor.DAT\Data aplikací\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bcfnooep.dll
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\feusdunj.dll
C:\WINDOWS\system32\fmlxrccc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ovaqvpyv.dll
C:\WINDOWS\system32\qoMdCssr.dll
C:\WINDOWS\system32\rssCdMoq.ini
C:\WINDOWS\system32\rssCdMoq.ini2
C:\WINDOWS\system32\ukervlhw.ini
C:\WINDOWS\system32\urqQgfEt.dll
C:\WINDOWS\system32\vypvqavo.ini
C:\WINDOWS\system32\whlvreku.dll
C:\WINDOWS\system32\wytxjnlp.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-22 17:41 . 2008-04-22 17:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 11:12 . 2008-04-22 11:12 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-04-22 11:02 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-22 11:01 . 2008-04-22 11:01 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 11:01 . 2008-04-22 11:03 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-22 09:21 . 2008-04-22 09:21 <DIR> d-------- C:\Program Files\Opera
2008-04-21 18:09 . 2008-04-21 18:09 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-21 18:09 . 2008-04-21 18:09 <DIR> d-------- C:\Program Files\CCleaner
2008-04-21 15:13 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-21 15:10 . 2008-04-21 15:10 <DIR> d-------- C:\Program Files\ESET
2008-04-21 14:52 . 2008-04-21 14:52 <DIR> d---s---- C:\Documents and Settings\Feanor.DAT\UserData
2008-04-21 08:30 . 2008-04-22 08:20 1,541,046 --ahs---- C:\WINDOWS\system32\pvvblhqu.ini
2008-04-20 21:31 . 2008-04-20 21:39 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-04-20 21:31 . 2008-04-20 21:48 64,606 --a------ C:\WINDOWS\War3Unin.dat
2008-04-20 21:31 . 2008-04-20 21:39 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-20 08:57 . 2009-04-21 08:25 1,541,037 --ahs---- C:\WINDOWS\system32\yllcunit.ini
2008-04-19 08:56 . 2008-04-20 08:57 1,540,737 --ahs---- C:\WINDOWS\system32\wltwvffk.ini
2008-04-18 08:51 . 2008-04-18 11:41 1,529,620 --ahs---- C:\WINDOWS\system32\jclgcpuk.ini
2008-04-17 04:28 . 2008-04-18 08:51 1,529,500 --ahs---- C:\WINDOWS\system32\jtsrdaqm.ini
2008-04-17 04:28 . 2008-04-22 10:05 109,089 --a------ C:\WINDOWS\BM2b9d0aff.xml
2008-04-16 18:17 . 2008-04-22 18:20 33,947,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 18:17 . 2008-04-22 18:18 399,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 18:15 . 2008-04-16 18:15 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-16 18:13 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-16 18:13 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-16 18:13 . 2008-04-16 18:15 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-16 18:12 . 2008-04-16 18:12 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-16 16:24 . 2008-04-16 16:24 55,218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-16 16:24 . 2008-04-16 16:25 2 --a------ C:\682506700
2008-04-16 16:14 . 2008-04-21 19:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 16:14 . 2008-04-16 16:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 13:10 . 2008-04-16 13:10 <DIR> d-------- C:\Program Files\Macromedia
2008-04-14 16:20 . 2008-04-14 16:20 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-04-14 16:20 . 2008-04-14 16:20 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-14 15:24 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 15:24 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-26 19:30 . 2008-03-26 19:30 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 11:11 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-13 20:27 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-10 15:42 --------- d-----w C:\Program Files\DivX
2008-04-08 20:29 --------- d-----w C:\Program Files\BSplayer Pro
2008-03-26 09:55 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 17:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-20 16:10 --------- d-----w C:\Program Files\Rapid-I
2008-03-20 11:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 21:43 --------- d-----w C:\Program Files\Creative
2008-03-19 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:31 --------- d-----w C:\Program Files\Codec Pack - VobSub
2008-03-19 21:26 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-19 21:26 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-19 20:34 --------- d-----w C:\Program Files\CyberLink
2008-03-17 14:32 --------- d-----w C:\Program Files\PSPad editor
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-13 18:17 --------- d-----w C:\Program Files\KSB
2008-03-10 16:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-10 16:41 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-02-24 20:09 --------- d-----w C:\Program Files\GameSpy
2008-02-24 19:47 --------- d-----w C:\Program Files\QIP
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-01-31 23:26 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa}]
2008-04-16 18:15 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL" [2008-04-16 18:15 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-16 18:15 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 16:58 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgfEt]
urqQgfEt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"antivirservice"=2 (0x2)
"antivirscheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\NWN_DE\\nwmain.exe"=
"D:\\Hry\\W3\\war3.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Hry\\Rome - Total War\\RomeTW.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"D:\\Hry\\Space Empires IV Gold\\Se4.exe"=
"F:\\Zaloha\\wincmd\\WINCMD32.EXE"=
"D:\\Programy\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"D:\\Hry\\Worms\\WWP.EXE"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hl.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hlds.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hltv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 InterBaseGuardian;InterBase Guardian;d:\Programy\Borland\InterBase\bin\ibguard.exe [2001-11-29 08:50]
R3 InterBaseServer;InterBase Server;d:\Programy\Borland\InterBase\bin\ibserver.exe [2001-11-29 08:50]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 rpcm;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2008-04-21 08:55]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:19:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-22 18:21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 16:21:34
Adresářů: 10, Volných bajtů: 2,582,695,936
Adresářů: 13, Volných bajtů: 2,672,828,416
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgfEt]
urqQgfEt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"antivirservice"=2 (0x2)
"antivirscheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\NWN_DE\\nwmain.exe"=
"D:\\Hry\\W3\\war3.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Hry\\Rome - Total War\\RomeTW.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"D:\\Hry\\Space Empires IV Gold\\Se4.exe"=
"F:\\Zaloha\\wincmd\\WINCMD32.EXE"=
"D:\\Programy\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"D:\\Hry\\Worms\\WWP.EXE"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hl.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hlds.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hltv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 InterBaseGuardian;InterBase Guardian;d:\Programy\Borland\InterBase\bin\ibguard.exe [2001-11-29 08:50]
R3 InterBaseServer;InterBase Server;d:\Programy\Borland\InterBase\bin\ibserver.exe [2001-11-29 08:50]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 rpcm;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2008-04-21 08:55]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:19:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-22 18:21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 16:21:34
Adresářů: 10, Volných bajtů: 2,582,695,936
Adres ý…: 13, Volněch bajt…: 2,672,828,416
240
Re: HijackThis check
Again, close all running programs (web browser, messenger, ...). Move ComboFix to the desktop (if it is not there already) - open Notepad - copy the text from the following box into it:
Code:
File::
C:\WINDOWS\system32\pvvblhqu.ini
C:\WINDOWS\system32\yllcunit.ini
C:\WINDOWS\system32\wltwvffk.ini
C:\WINDOWS\system32\jclgcpuk.ini
C:\WINDOWS\system32\jtsrdaqm.ini
C:\WINDOWS\BM2b9d0aff.xml
C:\WINDOWS\qaszpurn.sys
C:\682506700
Registry::
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQgfEt]
Save the text as CFScript.txt on the desktop - once it is saved, grab the .txt file you created with the left mouse button and drag it over the ComboFix icon - drop the .txt file on the ComboFix icon - ComboFix will start - and CF will begin scanning again; at the end of the scan CF will try to delete the listed files or whatever else we told it to - once the action is done, a Notepad window with text will appear again; copy that text here and please wait for further advice :)
Re: HijackThis check
First of all I have to say that the Google problem is fixed (at least for now ;-) ) and for that you have my big THANKS.
here is the new log:
ComboFix 08-04-20.5 - Feanor 2008-04-22 18:46:49.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.491 [GMT 2:00]
Running from: C:\Documents and Settings\Feanor.DAT\Data aplikací\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Feanor.DAT\Plocha\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\682506700
C:\WINDOWS\BM2b9d0aff.xml
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\system32\jclgcpuk.ini
C:\WINDOWS\system32\jtsrdaqm.ini
C:\WINDOWS\system32\pvvblhqu.ini
C:\WINDOWS\system32\wltwvffk.ini
C:\WINDOWS\system32\yllcunit.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\682506700
C:\Documents and Settings\Feanor.DAT\Data aplikací\inst.exe
C:\WINDOWS\BM2b9d0aff.xml
C:\WINDOWS\qaszpurn.sys
C:\WINDOWS\system32\jclgcpuk.ini
C:\WINDOWS\system32\jtsrdaqm.ini
C:\WINDOWS\system32\pvvblhqu.ini
C:\WINDOWS\system32\wltwvffk.ini
C:\WINDOWS\system32\yllcunit.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_qaszpurn
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.
2008-04-22 17:41 . 2008-04-22 17:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 11:12 . 2008-04-22 11:12 <DIR> d-------- C:\WINDOWS\system32\cs-cz
2008-04-22 11:02 . 2006-09-06 17:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-22 11:01 . 2008-04-22 18:48 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-22 11:01 . 2008-04-22 18:25 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-22 09:21 . 2008-04-22 09:21 <DIR> d-------- C:\Program Files\Opera
2008-04-21 18:09 . 2008-04-21 18:09 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-21 18:09 . 2008-04-21 18:09 <DIR> d-------- C:\Program Files\CCleaner
2008-04-21 15:13 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-21 15:10 . 2008-04-21 15:10 <DIR> d-------- C:\Program Files\ESET
2008-04-21 14:52 . 2008-04-21 14:52 <DIR> d---s---- C:\Documents and Settings\Feanor.DAT\UserData
2008-04-20 21:31 . 2008-04-20 21:39 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-04-20 21:31 . 2008-04-20 21:48 64,606 --a------ C:\WINDOWS\War3Unin.dat
2008-04-20 21:31 . 2008-04-20 21:39 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-04-16 18:17 . 2008-04-22 18:50 34,095,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-16 18:17 . 2008-04-22 18:50 400,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-16 18:15 . 2008-04-16 18:15 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-04-16 18:13 . 2008-03-13 23:11 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-16 18:13 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-16 18:13 . 2008-04-16 18:15 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-04-16 18:12 . 2008-04-16 18:12 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-16 16:14 . 2008-04-21 19:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-16 16:14 . 2008-04-16 16:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-16 13:10 . 2008-04-16 13:10 <DIR> d-------- C:\Program Files\Macromedia
2008-04-14 16:20 . 2008-04-14 16:20 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-04-14 16:20 . 2008-04-14 16:20 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-14 15:24 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 15:24 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
2008-03-31 23:25 . 2008-03-31 23:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 23:25 . 2008-03-31 23:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 23:25 . 2008-03-31 23:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 23:25 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 23:25 . 2008-03-31 23:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-26 19:30 . 2008-03-26 19:30 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-16 11:11 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-13 20:27 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-10 15:42 --------- d-----w C:\Program Files\DivX
2008-04-08 20:29 --------- d-----w C:\Program Files\BSplayer Pro
2008-03-26 09:55 --------- d-----w C:\Program Files\ATI Technologies
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 17:42 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-20 16:10 --------- d-----w C:\Program Files\Rapid-I
2008-03-20 11:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 21:43 --------- d-----w C:\Program Files\Creative
2008-03-19 21:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:31 --------- d-----w C:\Program Files\Codec Pack - VobSub
2008-03-19 21:26 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-03-19 21:26 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-03-19 20:34 --------- d-----w C:\Program Files\CyberLink
2008-03-17 14:32 --------- d-----w C:\Program Files\PSPad editor
2008-03-13 21:11 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-03-13 18:17 --------- d-----w C:\Program Files\KSB
2008-03-10 16:41 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-10 16:41 249,856 ------w C:\WINDOWS\Setup1.exe
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:21 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 20:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-02-24 20:09 --------- d-----w C:\Program Files\GameSpy
2008-02-24 19:47 --------- d-----w C:\Program Files\QIP
2008-02-21 02:05 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-02-21 02:05 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-21 02:05 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-01-31 23:26 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.
------- Sigcheck -------
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-22_18.21.07.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-02-25 03:34:44 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll
+ 2005-02-25 03:34:44 211,680 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
+ 2005-02-25 03:34:44 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe
+ 2005-02-25 03:34:44 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll
+ 2005-02-25 03:34:45 722,144 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
+ 2005-02-25 03:34:46 380,128 ----a-w C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll
- 2008-04-22 16:18:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 16:51:23 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-17 13:49:14 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 12:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-17 13:49:26 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 12:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-17 13:49:14 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-17 13:48:30 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-17 13:49:14 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-17 13:49:22 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-17 13:49:14 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-17 13:49:26 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-17 13:49:14 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-17 13:48:30 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-17 13:49:14 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-17 13:49:22 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa}]
2008-04-16 18:15 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 16:58 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"antivirservice"=2 (0x2)
"antivirscheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\NWN_DE\\nwmain.exe"=
"D:\\Hry\\W3\\war3.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Hry\\Rome - Total War\\RomeTW.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"D:\\Hry\\Space Empires IV Gold\\Se4.exe"=
"F:\\Zaloha\\wincmd\\WINCMD32.EXE"=
"D:\\Programy\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"D:\\Hry\\Worms\\WWP.EXE"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hl.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hlds.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hltv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 InterBaseGuardian;InterBase Guardian;d:\Programy\Borland\InterBase\bin\ibguard.exe [2001-11-29 08:50]
R3 InterBaseServer;InterBase Server;d:\Programy\Borland\InterBase\bin\ibserver.exe [2001-11-29 08:50]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 rpcm;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2008-04-21 08:55]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:52:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-22 18:55:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 16:55:05
ComboFix2.txt 2008-04-22 16:21:46
Adresářů: 10, Volných bajtů: 2,347,167,744
Adres ý…: 12, Volněch bajt…: 2,264,940,544
267 --- E O F --- 2008-04-22 16:25:59
+ 2005-05-04 12:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-17 13:48:30 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 12:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-17 13:49:14 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 12:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-17 13:49:22 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-17 13:49:14 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 12:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-17 13:49:26 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 12:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-17 13:49:14 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 12:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-17 13:48:30 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 12:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-17 13:49:14 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 12:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-17 13:49:22 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 17:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0d4b231-da4b-4daf-81e4-dfee4931a4aa}]
2008-04-16 18:15 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 16:58 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 22:05 344064]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 13:17 61440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 15:49 110592 C:\WINDOWS\system32\bthprops.cpl]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 15:49 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"antivirservice"=2 (0x2)
"antivirscheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Hry\\NWN_DE\\nwmain.exe"=
"D:\\Hry\\W3\\war3.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"D:\\Hry\\Rome - Total War\\RomeTW.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Civilization4.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"D:\\Hry\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"D:\\Hry\\Space Empires IV Gold\\Se4.exe"=
"F:\\Zaloha\\wincmd\\WINCMD32.EXE"=
"D:\\Programy\\MATLAB\\R2007b\\bin\\win32\\MATLAB.exe"=
"D:\\Hry\\Worms\\WWP.EXE"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hl.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hlds.exe"=
"D:\\Hry\\CS1.6_with_Bots\\Valve\\hltv.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 InterBaseGuardian;InterBase Guardian;d:\Programy\Borland\InterBase\bin\ibguard.exe [2001-11-29 08:50]
R3 InterBaseServer;InterBase Server;d:\Programy\Borland\InterBase\bin\ibserver.exe [2001-11-29 08:50]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 rpcm;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2008-04-21 08:55]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:24:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 18:52:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-22 18:55:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-22 16:55:05
ComboFix2.txt 2008-04-22 16:21:46
Directories: 10, Free bytes: 2,347,167,744
Directories: 12, Free bytes: 2,264,940,544
267 --- E O F --- 2008-04-22 16:25:59
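As an added example (not code from this thread, from ComboFix or from HijackThis), the script below runs three checks a reviewer would apply to the log above before signing it off: Sigcheck entries where two copies of the same file carry different MD5 sums, service entries whose binary was written shortly before the scan or is not present at all, and Security Center / firewall policy values that silence built-in protection. The sample input is copied from the log posted above; the 7-day window, the function names and the wording of the reasons are my own choices.

```python
"""Triage helpers for the plain-text sections of a ComboFix log.

Added example for this thread; not ComboFix's or HijackThis's own code.
It parses three things the log above prints: the Sigcheck block, the
service lines (R2/S2/S3 ...) and the Security Center / firewall policy
values, and returns what a reviewer would look at first.
"""
import re
from datetime import date, datetime

# Constructed sample input: lines copied from the log posted above.
SIGCHECK = r"""
2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
"""

REG_POINTS = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 InterBaseGuardian;InterBase Guardian;d:\Programy\Borland\InterBase\bin\ibguard.exe [2001-11-29 08:50]
R3 InterBaseServer;InterBase Server;d:\Programy\Borland\InterBase\bin\ibserver.exe [2001-11-29 08:50]
S2 rpcm;Remote Procedure Manager(TPM);C:\Program Files\Common Files\Microsoft Shared\Speech\csvde.exe [2008-04-21 08:55]
S3 SetupNTGLM7X;SetupNTGLM7X;H:\NTGLM7X.sys []
"""

SCAN_DAY = date(2008, 4, 22)  # "Rootkit scan 2008-04-22" in the log above

# Sigcheck line: "date time size md5 path"
SIGCHECK_RE = re.compile(r"^(\S+ \S+) (\d+) ([0-9a-f]{32}) (.+)$")
# Service line: "R2 name;display name;path [yyyy-mm-dd hh:mm]" (stamp may be empty)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")
# Registry value line: '"Name"=value ...'
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(\S+)')


def sigcheck_mismatches(text):
    """Group Sigcheck lines by file name and return the names whose copies
    (e.g. dllcache vs drivers) do not share one MD5 sum."""
    hashes = {}
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        name = m.group(4).rsplit("\\", 1)[-1].lower()
        hashes.setdefault(name, set()).add(m.group(3))
    return sorted(n for n, h in hashes.items() if len(h) > 1)


def parse_services(text):
    """Return the service entries as dicts (start type, name, display, path, stamp)."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append({"start": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4),
                             "stamp": m.group(5)})
    return services


def flag_services(text, scan_day, window_days=7):
    """Return (name, reason) pairs for services worth a second look: the binary
    was modified within window_days before the scan, or it carries no timestamp
    (ComboFix prints [] when the file is not there to be stamped)."""
    flagged = []
    for svc in parse_services(text):
        if not svc["stamp"]:
            flagged.append((svc["name"], "binary not present at scan time"))
            continue
        stamp = datetime.strptime(svc["stamp"], "%Y-%m-%d %H:%M").date()
        age = (scan_day - stamp).days
        if 0 <= age <= window_days:
            flagged.append((svc["name"], "binary modified %d day(s) before scan" % age))
    return flagged


def weakened_protections(text):
    """Return (value name, meaning) for policy values that disable or silence
    the built-in protection. Both can be legitimate when a third-party
    firewall/AV is installed, so they are findings to confirm, not verdicts."""
    checks = {
        "AntiVirusOverride": ("dword:00000001", "Security Center AV alerts suppressed"),
        "EnableFirewall": ("0", "Windows Firewall disabled in standard profile"),
    }
    found = []
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m and m.group(1) in checks and m.group(2) == checks[m.group(1)][0]:
            found.append((m.group(1), checks[m.group(1)][1]))
    return found


if __name__ == "__main__":
    print("hash mismatches:", sigcheck_mismatches(SIGCHECK))
    print("services to verify:", flag_services(REG_POINTS, SCAN_DAY))
    print("weakened protections:", weakened_protections(REG_POINTS))
```

Read the output with the rest of the log in mind: EnableFirewall=0 and AntiVirusOverride=1 are consistent with ZoneAlarm and ESET being installed and Security Center monitoring being switched off, so they need confirming, not cleaning. The two tcpip.sys copies have the same size and timestamp but different MD5 sums, which is exactly the case where you compare both against a known-good hash for the installed service pack rather than assume either copy is the original. The rpcm service points at a csvde.exe under the Speech folder, stamped the day before the scan; the reply in this thread does not mention it, so it is the one entry here to verify by hand (publisher signature, hash, and who installed it) before declaring the machine clean.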
Re: HijackThis check
OK. To finish up, fix these unnecessary entries in HijackThis:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background - This starts Windows Messenger when the PC boots and shows an icon next to the clock; if you don't use it, you can fix it
O11 - Options group: [international] International*
+ clean up with CCleaner and T-Cleaner.
+ update Java:
Go to the web page http://java.sun.com/javase/downloads/index.jsp - scroll down a bit to where it says Java Runtime Environment (JRE) 6 Update 5 and click Download - now select your operating system under Platform and your language under Language - accept the license agreement by ticking the box next to the text I agree to the Java SE Runtime Environment 6 License Agreement - click Continue - now choose which installation you want; I recommend the offline installer package (Windows Offline Installation)...
- Windows Offline Installation for installing without needing an Internet connection
- Windows x64 executable for installing on 64-bit operating systems
- Windows Online Installation for installing with an Internet connection
...(the following guide is written for Windows Offline Installation) and start the download by clicking the link - save the file anywhere on disk, as long as you can find it again :) - close all running programs (web browser, messenger, ...) - via Start -> My Computer -> Add or Remove Programs uninstall all versions of Java - delete their folders in Program Files and clean up with CCleaner, for example - restart the computer after this step - after the restart you can run the installer for the new Java you downloaded and saved at the start of this guide
Re: HijackThis check
Thanks a lot, I'm in your debt.
I'd also like to ask: was the fact that I couldn't search on Google caused by some damaged registry or by a virus? And why was I supposed to install the newer version of Java?
Anyway, thanks once again. You've helped me a lot.
Re: HijackThis check
Was the fact that I couldn't search on Google caused by some damaged registry or by a virus?
Probably a virus.
Do update Java; it's always better to have the current version - various bugs are fixed, etc.
Otherwise you're welcome; let me know if anything comes up.