Cau, mohl by mi to pls nekdo zkouknout? Pocitac se mi zapne celkem rychle, ale přihlašuje se mi klidně i 10 minut, a všechno je mnohem pomalejší než bylo dříve
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:41, on 27.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: daemon.lnk = C:\Program Files\D-Tools\daemon.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989259421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989239109
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D312E02E-F58D-48C2-AA86-8AB9538DEE40}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: evenncob.dll confega.dll egastat.dll msisnwcf.dll confcon.dll constat.dll confatt.dll attstat.dll confbrw.dll brwstat.dll mididpnh.dll olecmsre.dll
O20 - Winlogon Notify: attmgr - attmgr32.dll (file missing)
O20 - Winlogon Notify: conmgr - conmgr32.dll (file missing)
O20 - Winlogon Notify: lprmneth - C:\WINDOWS\
O20 - Winlogon Notify: sbeddem - C:\WINDOWS\
O20 - Winlogon Notify: sysshtic - C:\WINDOWS\
O20 - Winlogon Notify: wmspmsv1 - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9941 bytes
Kontrola logu- Sanko
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu- Sanko
Vítej na fóru
Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Kontrola logu- Sanko
OK tady ho máš
ComboFix 08-05-27.4 - Admin 2008-05-28 15:13:02.1 - NTFSx86
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.
2036-02-07 03:58 . 2036-02-07 03:58 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-06-01 18:26 . 2008-06-01 18:26 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 17:19 . 2008-06-01 17:19 <DIR> d-------- C:\WINDOWS\Performance
2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-01 15:11 . 2008-06-01 15:11 <DIR> d-------- C:\Themes
2008-05-28 13:38 . 2008-05-28 13:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 20:59 . 2008-05-27 21:18 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-26 19:34 . 2008-05-26 20:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-26 18:20 . 2008-05-27 16:18 218 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-16 19:28 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-16 19:28 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-16 19:28 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-16 19:28 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-06 20:21 . 2008-05-06 20:39 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-06 17:50 . 2008-05-06 17:50 <DIR> d-------- C:\Program Files\JitBit
2008-05-06 17:48 . 2008-05-06 17:48 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-05-02 19:31 . 2008-05-02 19:31 45 --a------ C:\WINDOWS\system32\initdebug.nfo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 13:02 --------- d-----w C:\Program Files\Electronic Arts
2008-05-24 18:54 47 ----a-w C:\Program Files\ZAV.txt
2008-05-24 17:13 --------- d-----w C:\Program Files\ZAV1
2008-05-16 15:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-12 19:34 --------- d-----w C:\Program Files\totalcmd
2008-05-10 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:40 --------- d-----w C:\Program Files\Valve
2008-04-19 18:03 --------- d-----w C:\Program Files\Hasbro Interactive
2008-04-19 17:09 --------- d-----w C:\Program Files\1C
2008-04-17 16:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-10 14:00 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 13:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-05 13:38 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 13:59 77824]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:47 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\attmgr]
attmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\conmgr]
conmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprmneth]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbeddem]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysshtic]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmspmsv1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.MJPG"= pvmjpg21.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"E:\\Programy\\eMule\\emule.exe"=
"C:\\Hry\\Little Fighters2\\lf2.exe"=
"C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"=
"C:\\Games\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Games\\Age of Empires II\\empires2.exe"=
"E:\\Games\\Age of Empires II\\aoe 2 c\\age2_x1.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Hry\\bulanci\\bulanci.exe"=
"E:\\Games\\BFME 2\\game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Games\\Diablo II- 1.10\\Game.exe"=
"E:\\Games\\MEDIAN Diablo II- 1.10\\Game.exe"=
"E:\\Games\\Diablo II- 1.11\\DLoad.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\RCT.EXE"=
"C:\\Games\\cs\\hl.exe"=
"E:\\Programy\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8139:TCP"= 8139:TCP:*:Disabled:BitComet 8139 TCP
"8139:UDP"= 8139:UDP:*:Disabled:BitComet 8139 UDP
"12818:TCP"= 12818:TCP:*:Disabled:BitComet 12818 TCP
"12818:UDP"= 12818:UDP:*:Disabled:BitComet 12818 UDP
"15486:TCP"= 15486:TCP:BitComet 15486 TCP
"15486:UDP"= 15486:UDP:BitComet 15486 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"9290:TCP"= 9290:TCP:BitComet 9290 TCP
"9290:UDP"= 9290:UDP:BitComet 9290 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.sys [1999-01-10 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\system32\Drivers\RadPciNT.sys [2000-04-24 19:26]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 15:24:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Admin\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
**************************************************************************
.
Completion time: 2008-05-28 15:29:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 13:29:28
Adresářů: 19, Volných bajtů: 12,549,505,024
Adres ý…: 22, Volněch bajt…: 13,040,046,080
167 --- E O F --- 2008-05-28 11:26:48
ComboFix 08-05-27.4 - Admin 2008-05-28 15:13:02.1 - NTFSx86
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.
2036-02-07 03:58 . 2036-02-07 03:58 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-06-01 18:26 . 2008-06-01 18:26 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 17:19 . 2008-06-01 17:19 <DIR> d-------- C:\WINDOWS\Performance
2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-01 15:11 . 2008-06-01 15:11 <DIR> d-------- C:\Themes
2008-05-28 13:38 . 2008-05-28 13:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 20:59 . 2008-05-27 21:18 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-26 19:34 . 2008-05-26 20:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-26 18:20 . 2008-05-27 16:18 218 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-16 19:28 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-16 19:28 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-16 19:28 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-16 19:28 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-06 20:21 . 2008-05-06 20:39 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-06 17:50 . 2008-05-06 17:50 <DIR> d-------- C:\Program Files\JitBit
2008-05-06 17:48 . 2008-05-06 17:48 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-05-02 19:31 . 2008-05-02 19:31 45 --a------ C:\WINDOWS\system32\initdebug.nfo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 13:02 --------- d-----w C:\Program Files\Electronic Arts
2008-05-24 18:54 47 ----a-w C:\Program Files\ZAV.txt
2008-05-24 17:13 --------- d-----w C:\Program Files\ZAV1
2008-05-16 15:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-12 19:34 --------- d-----w C:\Program Files\totalcmd
2008-05-10 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:40 --------- d-----w C:\Program Files\Valve
2008-04-19 18:03 --------- d-----w C:\Program Files\Hasbro Interactive
2008-04-19 17:09 --------- d-----w C:\Program Files\1C
2008-04-17 16:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-10 14:00 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 13:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-05 13:38 249,856 ------w C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 13:59 77824]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:47 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\attmgr]
attmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\conmgr]
conmgr32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprmneth]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbeddem]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysshtic]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmspmsv1]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.MJPG"= pvmjpg21.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"E:\\Programy\\eMule\\emule.exe"=
"C:\\Hry\\Little Fighters2\\lf2.exe"=
"C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"=
"C:\\Games\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Games\\Age of Empires II\\empires2.exe"=
"E:\\Games\\Age of Empires II\\aoe 2 c\\age2_x1.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Hry\\bulanci\\bulanci.exe"=
"E:\\Games\\BFME 2\\game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Games\\Diablo II- 1.10\\Game.exe"=
"E:\\Games\\MEDIAN Diablo II- 1.10\\Game.exe"=
"E:\\Games\\Diablo II- 1.11\\DLoad.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\RCT.EXE"=
"C:\\Games\\cs\\hl.exe"=
"E:\\Programy\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8139:TCP"= 8139:TCP:*:Disabled:BitComet 8139 TCP
"8139:UDP"= 8139:UDP:*:Disabled:BitComet 8139 UDP
"12818:TCP"= 12818:TCP:*:Disabled:BitComet 12818 TCP
"12818:UDP"= 12818:UDP:*:Disabled:BitComet 12818 UDP
"15486:TCP"= 15486:TCP:BitComet 15486 TCP
"15486:UDP"= 15486:UDP:BitComet 15486 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"9290:TCP"= 9290:TCP:BitComet 9290 TCP
"9290:UDP"= 9290:UDP:BitComet 9290 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.sys [1999-01-10 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\system32\Drivers\RadPciNT.sys [2000-04-24 19:26]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 15:24:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Admin\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
**************************************************************************
.
Completion time: 2008-05-28 15:29:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 13:29:28
Adresářů: 19, Volných bajtů: 12,549,505,024
Adres ý…: 22, Volněch bajt…: 13,040,046,080
167 --- E O F --- 2008-05-28 11:26:48
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu- Sanko
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\attmgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\conmgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprmneth]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sbeddem]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysshtic]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wmspmsv1]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Kontrola logu- Sanko
Tady mas Combo FIX:
ComboFix 08-05-27.4 - Admin 2008-05-29 19:05:14.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.176 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2036-02-07 03:58 . 2036-02-07 03:58 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-06-01 18:26 . 2008-06-01 18:26 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 17:19 . 2008-06-01 17:19 <DIR> d-------- C:\WINDOWS\Performance
2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-01 15:11 . 2008-06-01 15:11 <DIR> d-------- C:\Themes
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\Tßta
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\MonŔiŔßk
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\Mßma
2008-05-28 13:38 . 2008-05-28 13:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 20:59 . 2008-05-27 21:18 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\Documents and Settings\Admin\Data aplikací\IObit
2008-05-26 19:34 . 2008-05-26 20:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-26 18:20 . 2008-05-27 16:18 218 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-21 22:07 . 2008-05-21 22:07 <DIR> d-------- C:\Documents and Settings\MoniSHka\Data aplikací\InterVideo
2008-05-16 19:49 . 2008-05-16 19:49 <DIR> dr-h----- C:\Documents and Settings\Admin\Data aplikací\SecuROM
2008-05-16 19:28 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-16 19:28 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-16 19:28 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-16 19:28 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-16 16:22 . 2008-05-16 16:22 <DIR> d-------- C:\Documents and Settings\Admin\Data aplikací\Datarescue
2008-05-06 20:21 . 2008-05-06 20:39 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-06 17:50 . 2008-05-06 17:50 <DIR> d-------- C:\Program Files\JitBit
2008-05-06 17:48 . 2008-05-06 17:48 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-05-04 12:52 . 2008-05-04 12:52 <DIR> d-------- C:\Documents and Settings\MoniSHka\Data aplikací\Teleca
2008-05-02 19:31 . 2008-05-02 19:31 45 --a------ C:\WINDOWS\system32\initdebug.nfo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 98,356 ----a-w C:\WINDOWS\system32\MSJTER32.DLL
2036-02-07 01:58 973,584 ----a-w C:\WINDOWS\system32\MSJT3032.DLL
2036-02-07 01:58 61,440 ----a-w C:\WINDOWS\system32\MSJINT32.DLL
2036-02-07 01:58 327,680 ----a-w C:\WINDOWS\system32\MSWNG300.DLL
2036-02-07 01:58 266,240 ----a-w C:\WINDOWS\system32\MSRD2X32.DLL
2036-02-07 01:58 244,496 ----a-w C:\WINDOWS\system32\VBAR2232.DLL
2008-06-01 15:45 --------- d-----w C:\Documents and Settings\Admin\Data aplikací\MSN6
2008-06-01 15:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Corporation
2008-06-01 13:02 --------- d-----w C:\Program Files\Electronic Arts
2008-05-28 15:14 --------- d-----w C:\Documents and Settings\Admin\Data aplikací\Hamachi
2008-05-24 18:54 47 ----a-w C:\Program Files\ZAV.txt
2008-05-24 17:13 --------- d-----w C:\Program Files\ZAV1
2008-05-23 15:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-05-16 17:49 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-16 15:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-12 19:34 --------- d-----w C:\Program Files\totalcmd
2008-05-10 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:40 --------- d-----w C:\Program Files\Valve
2008-04-19 18:03 --------- d-----w C:\Program Files\Hasbro Interactive
2008-04-19 17:09 --------- d-----w C:\Program Files\1C
2008-04-17 16:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-14 13:59 --------- d-----w C:\Documents and Settings\MoniSHka\Data aplikací\Hamachi
2008-04-10 14:00 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 13:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-05 13:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-31 12:39 --------- d-----w C:\Documents and Settings\MoniSHka\Data aplikací\Sony Ericsson
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-06-10 18:23 21,408 ----a-w C:\Documents and Settings\Máma\Data aplikací\GDIPFONTCACHEV1.DAT
2007-04-01 14:44 21,408 ----a-w C:\Documents and Settings\Admin\Data aplikací\GDIPFONTCACHEV1.DAT
2006-06-05 15:42 289 ----a-w C:\Documents and Settings\Admin\Data aplikací\DelAll.bat
2005-12-09 17:57 21,464 ----a-w C:\Documents and Settings\Táta\Data aplikací\GDIPFONTCACHEV1.DAT
2004-10-11 15:22 20,520 ----a-w C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_15.29.08.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 13:21:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 16:53:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 13:51:09 1,604 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{4E5B9CA3-E862-410D-ABE0-528AE297D02D}.bin
- 2004-08-17 13:49:12 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 12:01:27 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-17 13:49:12 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:01:27 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 13:59 77824]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:47 219136]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-21 23:12:14 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.MJPG"= pvmjpg21.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"E:\\Programy\\eMule\\emule.exe"=
"C:\\Hry\\Little Fighters2\\lf2.exe"=
"C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"=
"C:\\Games\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Games\\Age of Empires II\\empires2.exe"=
"E:\\Games\\Age of Empires II\\aoe 2 c\\age2_x1.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Hry\\bulanci\\bulanci.exe"=
"E:\\Games\\BFME 2\\game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Games\\Diablo II- 1.10\\Game.exe"=
"E:\\Games\\MEDIAN Diablo II- 1.10\\Game.exe"=
"E:\\Games\\Diablo II- 1.11\\DLoad.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\RCT.EXE"=
"C:\\Games\\cs\\hl.exe"=
"E:\\Programy\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8139:TCP"= 8139:TCP:*:Disabled:BitComet 8139 TCP
"8139:UDP"= 8139:UDP:*:Disabled:BitComet 8139 UDP
"12818:TCP"= 12818:TCP:*:Disabled:BitComet 12818 TCP
"12818:UDP"= 12818:UDP:*:Disabled:BitComet 12818 UDP
"15486:TCP"= 15486:TCP:BitComet 15486 TCP
"15486:UDP"= 15486:UDP:BitComet 15486 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"9290:TCP"= 9290:TCP:BitComet 9290 TCP
"9290:UDP"= 9290:UDP:BitComet 9290 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.sys [1999-01-10 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\system32\Drivers\RadPciNT.sys [2000-04-24 19:26]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 19:09:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Admin\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-29 19:11:22
ComboFix-quarantined-files.txt 2008-05-29 17:11:08
ComboFix2.txt 2008-05-28 13:29:36
Adresářů: 19, Volných bajtů: 12,990,447,616
Adresářů: 22, Volných bajtů: 13,028,614,144
181 --- E O F --- 2008-05-29 13:51:09
A tady Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:42, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989259421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989239109
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D312E02E-F58D-48C2-AA86-8AB9538DEE40}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9007 bytes
ComboFix 08-05-27.4 - Admin 2008-05-29 19:05:14.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.176 [GMT 2:00]
Running from: C:\Documents and Settings\Admin\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Plocha\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2036-02-07 03:58 . 2036-02-07 03:58 60,416 --a------ C:\WINDOWS\ST4UNST.EXE
2008-06-01 18:26 . 2008-06-01 18:26 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe
2008-06-01 17:19 . 2008-06-01 17:19 <DIR> d-------- C:\WINDOWS\Performance
2008-06-01 17:18 . 2008-06-01 17:18 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-06-01 15:11 . 2008-06-01 15:11 <DIR> d-------- C:\Themes
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\Tßta
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\MonŔiŔßk
2008-05-28 15:29 . 2008-05-28 15:29 <DIR> d-------- C:\Documents and Settings\Mßma
2008-05-28 13:38 . 2008-05-28 13:38 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-27 20:59 . 2008-05-27 21:18 <DIR> d-------- C:\Program Files\RegCleaner
2008-05-26 19:42 . 2008-05-26 19:42 <DIR> d-------- C:\Documents and Settings\Admin\Data aplikací\IObit
2008-05-26 19:34 . 2008-05-26 20:02 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-26 18:20 . 2008-05-27 16:18 218 --a------ C:\WINDOWS\wcx_ftp.ini
2008-05-21 22:07 . 2008-05-21 22:07 <DIR> d-------- C:\Documents and Settings\MoniSHka\Data aplikací\InterVideo
2008-05-16 19:49 . 2008-05-16 19:49 <DIR> dr-h----- C:\Documents and Settings\Admin\Data aplikací\SecuROM
2008-05-16 19:28 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-05-16 19:28 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-05-16 19:28 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-16 19:28 . 2006-09-28 16:03 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-05-16 16:22 . 2008-05-16 16:22 <DIR> d-------- C:\Documents and Settings\Admin\Data aplikací\Datarescue
2008-05-06 20:21 . 2008-05-06 20:39 <DIR> d-------- C:\Program Files\Paint.NET
2008-05-06 17:50 . 2008-05-06 17:50 <DIR> d-------- C:\Program Files\JitBit
2008-05-06 17:48 . 2008-05-06 17:48 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-05-04 12:52 . 2008-05-04 12:52 <DIR> d-------- C:\Documents and Settings\MoniSHka\Data aplikací\Teleca
2008-05-02 19:31 . 2008-05-02 19:31 45 --a------ C:\WINDOWS\system32\initdebug.nfo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 98,356 ----a-w C:\WINDOWS\system32\MSJTER32.DLL
2036-02-07 01:58 973,584 ----a-w C:\WINDOWS\system32\MSJT3032.DLL
2036-02-07 01:58 61,440 ----a-w C:\WINDOWS\system32\MSJINT32.DLL
2036-02-07 01:58 327,680 ----a-w C:\WINDOWS\system32\MSWNG300.DLL
2036-02-07 01:58 266,240 ----a-w C:\WINDOWS\system32\MSRD2X32.DLL
2036-02-07 01:58 244,496 ----a-w C:\WINDOWS\system32\VBAR2232.DLL
2008-06-01 15:45 --------- d-----w C:\Documents and Settings\Admin\Data aplikací\MSN6
2008-06-01 15:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Corporation
2008-06-01 13:02 --------- d-----w C:\Program Files\Electronic Arts
2008-05-28 15:14 --------- d-----w C:\Documents and Settings\Admin\Data aplikací\Hamachi
2008-05-24 18:54 47 ----a-w C:\Program Files\ZAV.txt
2008-05-24 17:13 --------- d-----w C:\Program Files\ZAV1
2008-05-23 15:18 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-05-16 17:49 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-16 15:48 --------- d-----w C:\Program Files\EA GAMES
2008-05-12 19:34 --------- d-----w C:\Program Files\totalcmd
2008-05-10 11:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 17:40 --------- d-----w C:\Program Files\Valve
2008-04-19 18:03 --------- d-----w C:\Program Files\Hasbro Interactive
2008-04-19 17:09 --------- d-----w C:\Program Files\1C
2008-04-17 16:41 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-14 13:59 --------- d-----w C:\Documents and Settings\MoniSHka\Data aplikací\Hamachi
2008-04-10 14:00 --------- d-----w C:\Program Files\ATI Technologies
2008-04-05 13:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-04-05 13:38 249,856 ------w C:\WINDOWS\Setup1.exe
2008-03-31 12:39 --------- d-----w C:\Documents and Settings\MoniSHka\Data aplikací\Sony Ericsson
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-06-10 18:23 21,408 ----a-w C:\Documents and Settings\Máma\Data aplikací\GDIPFONTCACHEV1.DAT
2007-04-01 14:44 21,408 ----a-w C:\Documents and Settings\Admin\Data aplikací\GDIPFONTCACHEV1.DAT
2006-06-05 15:42 289 ----a-w C:\Documents and Settings\Admin\Data aplikací\DelAll.bat
2005-12-09 17:57 21,464 ----a-w C:\Documents and Settings\Táta\Data aplikací\GDIPFONTCACHEV1.DAT
2004-10-11 15:22 20,520 ----a-w C:\Documents and Settings\Administrator\Data aplikací\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-05-28_15.29.08.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-28 13:21:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 16:53:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 13:51:09 1,604 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{4E5B9CA3-E862-410D-ABE0-528AE297D02D}.bin
- 2004-08-17 13:49:12 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 12:01:27 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-17 13:49:12 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:01:27 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 15:49 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 17:36 90112]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-02 13:59 77824]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 21:05 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 15:49 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 15:47 219136]
C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2004-09-21 23:12:14 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.MJPG"= pvmjpg21.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"E:\\Programy\\eMule\\emule.exe"=
"C:\\Hry\\Little Fighters2\\lf2.exe"=
"C:\\Program Files\\Windows NT\\Pinball\\pinball.exe"=
"C:\\Games\\Quake III Arena\\quake3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Games\\Age of Empires II\\empires2.exe"=
"E:\\Games\\Age of Empires II\\aoe 2 c\\age2_x1.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Hry\\bulanci\\bulanci.exe"=
"E:\\Games\\BFME 2\\game.dat"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\Games\\Diablo II- 1.10\\Game.exe"=
"E:\\Games\\MEDIAN Diablo II- 1.10\\Game.exe"=
"E:\\Games\\Diablo II- 1.11\\DLoad.exe"=
"C:\\Program Files\\QIP\\qip.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"=
"C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\Garena.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Hasbro Interactive\\RollerCoaster Tycoon\\RCT.EXE"=
"C:\\Games\\cs\\hl.exe"=
"E:\\Programy\\totalcmd\\TOTALCMD.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8139:TCP"= 8139:TCP:*:Disabled:BitComet 8139 TCP
"8139:UDP"= 8139:UDP:*:Disabled:BitComet 8139 UDP
"12818:TCP"= 12818:TCP:*:Disabled:BitComet 12818 TCP
"12818:UDP"= 12818:UDP:*:Disabled:BitComet 12818 UDP
"15486:TCP"= 15486:TCP:BitComet 15486 TCP
"15486:UDP"= 15486:UDP:BitComet 15486 UDP
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"9290:TCP"= 9290:TCP:BitComet 9290 TCP
"9290:UDP"= 9290:UDP:BitComet 9290 UDP
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-10-13 15:46]
R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\system32\DRIVERS\DLPortIO.sys [1999-01-10 13:00]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 23:04]
S2 RadPciNT;RadPciNT;C:\WINDOWS\system32\Drivers\RadPciNT.sys [2000-04-24 19:26]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 23:10]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 19:09:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\DOCUME~1\Admin\LOCALS~1\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-29 19:11:22
ComboFix-quarantined-files.txt 2008-05-29 17:11:08
ComboFix2.txt 2008-05-28 13:29:36
Adresářů: 19, Volných bajtů: 12,990,447,616
Adresářů: 22, Volných bajtů: 13,028,614,144
181 --- E O F --- 2008-05-29 13:51:09
A tady Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:42, on 29.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {3190CE28-0B6E-4133-A7D3-87D29CB92120} (ToolbarInetInstall Control) - http://www.listicka.cz/toolbar.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989259421
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4989239109
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D312E02E-F58D-48C2-AA86-8AB9538DEE40}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9007 bytes
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu- Sanko
Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi comobofix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O8 - Extra context menu item: &Search - ?p=ZJ
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
po zaškrtnutí klikni na tlačítko Fix Checked
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation
a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Máš ještě nějaké problémy?
- mezi comobofix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - (no file)
O2 - BHO: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O3 - Toolbar: (no name) - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - (no file)
O8 - Extra context menu item: &Search - ?p=ZJ
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
po zaškrtnutí klikni na tlačítko Fix Checked
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Doporučil bych ti aktualizovat Javu:
- Stáhni si poslední verzi Java Runtime Environment (JRE) 6 Update 6
- Posuň se dolů kde je napsáno Java Runtime Environment (JRE) 6 Update 6 a klikni na tlačítko Download
- Načte se ti nová stránka
- Pod nadpisem Select Platform and Language for your download:
* u položky Platform: vyber OS který používáš
* zatrhni možnost kde je napsáno: I agree to the Java SE Runtime Environment 6 License Agreement
* klikni na tlačítko Continue >>
- Načte se ti nová stránka
- Klikni na odkaz pro stažení pod položkou: Windows Offline Installation
a ulož si ho na disk
- Ukonči běžící programy které máš spuštěné, hlavě webový prohlížeč
- Jdi přes Start -> Ovládací panely -> Přidat nebo odebrat programy a odinstaluj všechny staré verze Javy
- Podívej se po položkách s názvem Java Runtime Environment (JRE or J2SE)
* příklady starých verzí v Přidat nebo odebrat programy:
- J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 8
Java 2 Runtime Environment, SE v1.4.2
- Odinstaluj postupně po sobě případné všechny staré verze Javy
- Po skončení odinstalovaní restartuj Pc.
- Pak už jen spusť instalaci poslední verze ze souboru jre-6u6-windows-i586-p.exe, který sis stáhl na začátku.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Pro lepší zabezpečení bych ti doporučil doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu: Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Máš ještě nějaké problémy?
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Kontrola logu- Sanko
Ok díky moc hlavně za ochotu, udělal jsem všechno co si napsal a je to lepsi, a firewall mam Comodo, ale mam jeste jeden problem s procesem: svchost.exe, po zapnuti pocitace, ma jako jedinej proces 90-100% využití CPU, a využití paměti kolem 100 000 kB( viz. odkaz),a COMODO hlásí že se chce připojit k internetu nebo tak něco, myslím si že mi to nabíhá tak pomalu hlavně kvůli němu, není to třeba vir??
http://web.3zscv.cz/~srychetsky/svchost.bmp
http://web.3zscv.cz/~srychetsky/svchost.bmp
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu- Sanko
Většinou podobný problém býval s automatickými aktualizacemi. Udělej co je popsáno níže a dej sem pak screenshot z PE:
Až zase budeš mít vytížené CPU tak udělej toto:
Použij Process Explorer jak je popsáno a vlož sem výsledek.
Až zase budeš mít vytížené CPU tak udělej toto:
Použij Process Explorer jak je popsáno a vlož sem výsledek.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 11 hostů