Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

bery1979
newcomer
Posts: 30
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by bery1979 » 02 Nov 2008 10:43

ComboFix 08-11-01.04 - Jiřina 2008-11-02 10:33:40.5 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.189 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jiřina\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jiřina\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-02 do 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 01:01 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-11-02 01:01 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-11-01 21:29 . 2004-09-03 05:31 2,596,864 -ra------ C:\WINDOWS\system\cmicnfg.cpl
2008-11-01 21:29 . 2004-02-17 03:51 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
2008-11-01 21:29 . 2005-05-12 07:21 1,332,544 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
2008-11-01 21:29 . 2002-04-29 08:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
2008-11-01 21:29 . 2001-11-23 05:08 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
2008-11-01 21:29 . 2001-11-23 05:08 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-11-01 21:29 . 2004-04-23 08:02 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
2008-11-01 21:29 . 2005-05-12 04:23 167,936 -ra------ C:\WINDOWS\system32\cmuda.dll
2008-11-01 21:29 . 2003-04-24 06:29 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
2008-11-01 21:29 . 2003-02-18 11:26 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2008-11-01 21:29 . 2001-10-24 12:25 22,016 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-11-01 21:28 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-11-01 21:28 . 2002-08-29 02:01 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-11-01 21:28 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-11-01 21:28 . 2002-08-29 01:32 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-11-01 21:28 . 2008-11-01 21:28 171 --a------ C:\WINDOWS\system\CmiCnfg.ini
2008-11-01 21:27 . 2008-11-01 21:27 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-11-01 21:27 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-11-01 21:07 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-11-01 21:03 . 2008-11-01 14:13 684 --a------ C:\WINDOWS\SetupNodTrialReset.reg
2008-11-01 21:03 . 2008-11-01 13:23 280 --a------ C:\WINDOWS\NodTrialReset.reg
2008-11-01 14:33 . 2008-11-01 14:33 0 --a------ C:\WINDOWS\system32\sert.tmp
2008-11-01 14:02 . 2008-11-01 14:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-11-01 12:38 . 2008-11-01 12:38 0 --a------ C:\23990098.$$$
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-11-01 12:25 . 2008-11-01 12:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-11-01 12:25 . 2008-11-01 12:25 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-11-01 12:25 . 2008-11-01 12:25 28,672 --a------ C:\WINDOWS\system32\eEmpty.exe
2008-11-01 12:25 . 2005-09-22 23:22 522 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-11-01 12:25 . 2008-11-01 12:32 54 --a------ C:\WINDOWS\Lic.xxx
2008-11-01 12:24 . 2008-11-01 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2008-11-01 12:24 . 2002-09-20 19:05 135,680 --a------ C:\WINDOWS\R.COM
2008-11-01 12:24 . 2002-09-20 19:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-10-31 11:01 . 2008-10-31 11:01 18,944 --a------ C:\Documents and Settings\All Users\mo3TK.exe
2008-10-30 14:09 . 2008-10-30 14:09 <DIR> d-------- C:\Program Files\kX Project
2008-10-29 13:41 . 2008-10-29 13:41 <DIR> d-------- C:\My Downloads
2008-10-28 20:43 . 2008-10-28 21:47 <DIR> d-------- C:\Program Files\Undercover
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-10-26 16:41 . 2008-10-26 16:44 <DIR> d-------- C:\Program Files\Winamp
2008-10-26 16:41 . 2008-10-26 19:22 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Winamp
2008-10-26 16:41 . 2007-03-08 00:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-10-26 16:41 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-10-26 16:41 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-10-26 13:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-26 13:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-26 13:54 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-26 13:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-26 13:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-26 13:54 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-26 13:54 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-26 13:54 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-26 13:54 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-26 13:54 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-26 13:54 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-26 13:53 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-26 13:53 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-26 13:51 . 2008-11-02 01:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-20 22:57 . 2008-10-20 22:57 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\ATI
2008-10-20 22:49 . 2008-10-20 22:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-20 22:47 . 2008-10-20 22:47 <DIR> d-------- C:\ATI
2008-10-20 22:13 . 2008-10-20 22:13 <DIR> d-------- C:\Program Files\Lavalys
2008-10-20 21:38 . 2008-10-20 21:39 <DIR> d-------- C:\Program Files\EACOM
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- C:\Program Files\EA SPORTS
2008-10-19 19:58 . 2008-10-19 19:58 <DIR> dr-h----- C:\Documents and Settings\Jiřina\Data aplikací\SecuROM
2008-10-19 19:58 . 2008-10-19 19:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-19 19:57 . 2008-10-19 19:57 <DIR> d-------- C:\ProgramData
2008-10-19 19:57 . 2008-10-19 19:57 6,046 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-19 19:33 . 2008-10-19 19:33 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Spore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 09:16 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Skype
2008-11-01 20:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-11-01 20:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-11-01 19:48 --------- d-----w C:\Program Files\ICQToolbar
2008-10-29 12:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-29 12:55 --------- d-----w C:\Program Files\Peggle Deluxe
2008-10-29 12:52 --------- d-----w C:\Program Files\McDonaldsDragons
2008-10-26 18:14 --------- d-----w C:\Program Files\JetAudio
2008-10-20 21:50 --------- d-----w C:\Program Files\ATI Technologies
2008-10-20 20:39 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-20 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 18:57 --------- d-----w C:\Program Files\Electronic Arts
2008-10-12 15:15 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Nokia Multimedia Player
2008-10-02 12:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-29 15:22 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\ICQ
2008-09-28 08:28 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Alawar
2008-09-23 07:28 --------- d-----w C:\Program Files\ICQ6
2008-09-18 15:56 --------- d-----w C:\Program Files\Avi2Dvd
2008-09-13 16:32 --------- d-----w C:\Program Files\FlatOut
2008-09-13 15:58 --------- d-----w C:\Program Files\JoWooD
2008-09-11 20:36 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\uTorrent
2008-09-02 10:01 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Vso
2007-12-18 23:27 87,608 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\ezpinst.exe
2007-12-18 23:27 47,360 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\pcouffin.sys
2006-03-05 17:39 56 -csh--r C:\WINDOWS\system32\88AAAD13BA.sys
.

((((((((((((((((((((((((((((( snapshot@2008-11-01_16.26.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-04-29 14:04:40 917,504 ----a-w C:\WINDOWS\LastGood\system\cmids3d.dll
+ 2004-02-17 09:51:56 1,458,176 ----a-w C:\WINDOWS\LastGood\system\SmWizard.exe
+ 2001-11-23 04:08:20 712,704 ----a-r C:\WINDOWS\LastGood\System32\a3d.dll
+ 2001-11-23 11:08:20 712,704 ----a-w C:\WINDOWS\LastGood\System32\Audio3D.dll
+ 2003-02-18 10:26:28 28,672 ----a-r C:\WINDOWS\LastGood\System32\cmirmdrv.dll
+ 2004-04-23 07:02:10 233,472 ----a-r C:\WINDOWS\LastGood\System32\cmirmdrv.exe
+ 2005-12-15 17:48:20 172,032 ----a-w C:\WINDOWS\LastGood\System32\cmuda.dll
+ 2005-12-15 12:57:46 1,368,000 ----a-w C:\WINDOWS\LastGood\System32\drivers\cmuda.sys
+ 2002-08-28 23:32:34 57,856 ----a-w C:\WINDOWS\LastGood\System32\drivers\drmk.sys
+ 2002-08-29 00:01:00 134,272 ----a-w C:\WINDOWS\LastGood\System32\drivers\portcls.sys
+ 2003-04-24 12:29:08 32,768 ----a-w C:\WINDOWS\LastGood\System32\udaprop.dll
+ 2001-10-24 11:25:28 22,016 ----a-w C:\WINDOWS\LastGood\System32\wdmaud.drv
- 2002-09-20 18:03:40 14,848 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2004-08-03 12:58:08 71,448 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-10-30 15:21:06 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-11-01 23:54:59 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-10-30 15:21:06 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-11-01 23:54:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-10-30 15:21:06 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-01 23:54:59 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-07-30 18:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2004-08-03 12:58:08 71,448 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2003-08-25 16:06:50 182,880 -c--a-w C:\WINDOWS\system32\dllcache\iuengine.dll
+ 2004-08-03 12:59:38 185,624 -c--a-w C:\WINDOWS\system32\dllcache\iuengine.dll
- 2007-07-30 18:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2004-08-03 12:58:24 113,944 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 18:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2004-08-03 13:13:46 1,081,112 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2003-08-25 16:06:50 182,880 ----a-w C:\WINDOWS\system32\iuengine.dll
+ 2004-08-03 12:59:38 185,624 ----a-w C:\WINDOWS\system32\iuengine.dll
- 2002-09-20 18:05:52 140,288 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2004-08-03 12:58:24 113,944 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2002-09-20 18:05:12 189,440 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2004-08-03 13:13:46 1,081,112 ----a-w C:\WINDOWS\system32\wuaueng.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"NBJ"="E:\nero\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodTrialReset"="regedit" [X]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SMail"="C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe" [2005-11-30 450560]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-08 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 66048]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\s125obex.sys [2007-04-24 98696]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 10:36:14
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-02 10:38:35
ComboFix-quarantined-files.txt 2008-11-02 09:38:30
ComboFix2.txt 2008-11-01 19:43:57
ComboFix3.txt 2008-11-01 18:59:25
ComboFix4.txt 2008-11-01 16:48:30
ComboFix5.txt 2008-11-02 09:32:59

Před spuštěním: 9 784 115 200
Po spuštění: 9,864,372,224

224 --- E O F --- 2007-12-04 09:48:32

bery1979
newcomer
Posts: 30
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by bery1979 » 02 Nov 2008 10:44

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:14, on 2.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jiřina\Dokumenty\PC HELP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLATOR\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLATOR\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "E:\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6082150829
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 12166 bytes

bery1979
newcomer
Posts: 30
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by bery1979 » 02 Nov 2008 10:52

C:\WINDOWS\system32\sert.tmp: this file is still there and its size is 0 bytes... Bery

jaro3
Security team member
Guru Level 15
Posts: 43292
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 02 Nov 2008 13:25

So, one more script; the rest of what I had in the script are leftovers from MWAV, we will remove them with a cleaner.

Code:

File::
C:\WINDOWS\system32\sert.tmp

Then post a new CF log, which appears at the end of the cleaning process.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

bery1979
newcomer
Posts: 30
Registered: November 08
Gender: Not specified
Status: Offline

Re: Please check my log

Post by bery1979 » 02 Nov 2008 19:37

ComboFix 08-11-01.04 - Jiřina 2008-11-02 19:27:11.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.131 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\Jiřina\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\Jiřina\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Resident AV is active

.

((((((((((((((((((((((((( Soubory vytvořené od 2008-10-02 do 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-11-02 01:01 . 2004-08-03 14:05 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-11-02 01:01 . 2004-08-03 13:59 168,216 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-11-01 21:29 . 2004-09-03 05:31 2,596,864 -ra------ C:\WINDOWS\system\cmicnfg.cpl
2008-11-01 21:29 . 2004-02-17 03:51 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
2008-11-01 21:29 . 2005-05-12 07:21 1,332,544 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
2008-11-01 21:29 . 2002-04-29 08:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
2008-11-01 21:29 . 2001-11-23 05:08 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
2008-11-01 21:29 . 2001-11-23 05:08 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-11-01 21:29 . 2004-04-23 08:02 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
2008-11-01 21:29 . 2005-05-12 04:23 167,936 -ra------ C:\WINDOWS\system32\cmuda.dll
2008-11-01 21:29 . 2003-04-24 06:29 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
2008-11-01 21:29 . 2003-02-18 11:26 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2008-11-01 21:29 . 2001-10-24 12:25 22,016 --a------ C:\WINDOWS\system32\wdmaud.drv
2008-11-01 21:28 . 2002-08-29 02:01 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-11-01 21:28 . 2002-08-29 02:01 134,272 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-11-01 21:28 . 2002-08-29 01:32 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-11-01 21:28 . 2002-08-29 01:32 57,856 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-11-01 21:28 . 2008-11-01 21:28 171 --a------ C:\WINDOWS\system\CmiCnfg.ini
2008-11-01 21:27 . 2008-11-01 21:27 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-11-01 21:27 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2008-11-01 21:07 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-11-01 21:03 . 2008-11-01 14:13 684 --a------ C:\WINDOWS\SetupNodTrialReset.reg
2008-11-01 21:03 . 2008-11-01 13:23 280 --a------ C:\WINDOWS\NodTrialReset.reg
2008-11-01 14:33 . 2008-11-01 14:33 0 --a------ C:\WINDOWS\system32\sert.tmp
2008-11-01 14:02 . 2008-11-01 14:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-11-01 12:38 . 2008-11-01 12:38 0 --a------ C:\23990098.$$$
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-11-01 12:32 . 2008-11-01 12:32 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-11-01 12:25 . 2008-11-01 12:25 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-11-01 12:25 . 2008-11-01 12:25 548,864 --a------ C:\WINDOWS\system32\msvcp80.dll
2008-11-01 12:25 . 2008-11-01 12:25 28,672 --a------ C:\WINDOWS\system32\eEmpty.exe
2008-11-01 12:25 . 2005-09-22 23:22 522 --a------ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest
2008-11-01 12:25 . 2008-11-01 12:32 54 --a------ C:\WINDOWS\Lic.xxx
2008-11-01 12:24 . 2008-11-01 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2008-11-01 12:24 . 2002-09-20 19:05 135,680 --a------ C:\WINDOWS\R.COM
2008-11-01 12:24 . 2002-09-20 19:05 130,048 --a------ C:\WINDOWS\system32\T.COM
2008-10-31 11:01 . 2008-10-31 11:01 18,944 --a------ C:\Documents and Settings\All Users\mo3TK.exe
2008-10-30 14:09 . 2008-10-30 14:09 <DIR> d-------- C:\Program Files\kX Project
2008-10-29 13:41 . 2008-10-29 13:41 <DIR> d-------- C:\My Downloads
2008-10-28 20:43 . 2008-10-28 21:47 <DIR> d-------- C:\Program Files\Undercover
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-10-26 16:43 . 2008-10-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
2008-10-26 16:41 . 2008-10-26 16:44 <DIR> d-------- C:\Program Files\Winamp
2008-10-26 16:41 . 2008-10-26 19:22 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Winamp
2008-10-26 16:41 . 2007-03-08 00:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-10-26 16:41 . 2007-03-08 00:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-10-26 16:41 . 2007-03-08 00:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-10-26 13:54 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-26 13:54 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-26 13:54 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-26 13:54 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-26 13:54 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-26 13:54 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-26 13:54 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-26 13:54 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-26 13:54 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-26 13:54 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-26 13:54 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-26 13:53 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-26 13:53 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-26 13:51 . 2008-11-02 01:01 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-20 22:57 . 2008-10-20 22:57 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\ATI
2008-10-20 22:49 . 2008-10-20 22:49 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2008-10-20 22:47 . 2008-10-20 22:47 <DIR> d-------- C:\ATI
2008-10-20 22:13 . 2008-10-20 22:13 <DIR> d-------- C:\Program Files\Lavalys
2008-10-20 21:38 . 2008-10-20 21:39 <DIR> d-------- C:\Program Files\EACOM
2008-10-20 21:36 . 2008-10-20 21:36 <DIR> d-------- C:\Program Files\EA SPORTS
2008-10-19 19:58 . 2008-10-19 19:58 <DIR> dr-h----- C:\Documents and Settings\Jiřina\Data aplikací\SecuROM
2008-10-19 19:58 . 2008-10-19 19:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-19 19:57 . 2008-10-19 19:57 <DIR> d-------- C:\ProgramData
2008-10-19 19:57 . 2008-10-19 19:57 6,046 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-19 19:33 . 2008-10-19 19:33 <DIR> d-------- C:\Documents and Settings\Jiřina\Data aplikací\Spore

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 18:18 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Skype
2008-11-02 09:39 --------- d-----w C:\Program Files\ICQToolbar
2008-11-01 20:19 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-11-01 20:19 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2008-10-29 12:57 --------- d-----w C:\Program Files\AviSynth 2.5
2008-10-29 12:55 --------- d-----w C:\Program Files\Peggle Deluxe
2008-10-29 12:52 --------- d-----w C:\Program Files\McDonaldsDragons
2008-10-26 18:14 --------- d-----w C:\Program Files\JetAudio
2008-10-20 21:50 --------- d-----w C:\Program Files\ATI Technologies
2008-10-20 20:39 28,624 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-10-20 20:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 18:57 --------- d-----w C:\Program Files\Electronic Arts
2008-10-12 15:15 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Nokia Multimedia Player
2008-10-02 12:05 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2008-09-29 15:22 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\ICQ
2008-09-28 08:28 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Alawar
2008-09-23 07:28 --------- d-----w C:\Program Files\ICQ6
2008-09-18 15:56 --------- d-----w C:\Program Files\Avi2Dvd
2008-09-13 16:32 --------- d-----w C:\Program Files\FlatOut
2008-09-13 15:58 --------- d-----w C:\Program Files\JoWooD
2008-09-11 20:36 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\uTorrent
2008-09-02 10:01 --------- d-----w C:\Documents and Settings\Jiřina\Data aplikací\Vso
2007-12-18 23:27 87,608 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\ezpinst.exe
2007-12-18 23:27 47,360 ----a-w C:\Documents and Settings\Jiřina\Data aplikací\pcouffin.sys
2006-03-05 17:39 56 -csh--r C:\WINDOWS\system32\88AAAD13BA.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 13312]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 1670144]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 23237416]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 180736]
"NBJ"="E:\nero\Nero BackItUp\NBJ.exe" [2005-04-14 1957888]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodTrialReset"="regedit" [X]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 339968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"SMail"="C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe" [2005-11-30 450560]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-08 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2008-06-10 18:52 1447168 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)

R1 epfwtdir;epfwtdir;C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys [2002-08-29 66048]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\System32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\s125obex.sys [2007-04-24 98696]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 19:29:38
Windows 5.1.2600 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2008-11-02 19:33:07
ComboFix-quarantined-files.txt 2008-11-02 18:33:03
ComboFix2.txt 2008-11-02 09:38:36
ComboFix3.txt 2008-11-01 19:43:57
ComboFix4.txt 2008-11-01 18:59:25
ComboFix5.txt 2008-11-02 18:26:15

Před spuštěním: 9 749 282 816
Po spuštění: 9,743,020,032

185 --- E O F --- 2007-12-04 09:48:32


Re: please check my log

Post by jaro3 » 02 Nov 2008 20:42

So again nothing was deleted; either you are doing something wrong, or it cannot be done with the script..
Use Avenger
http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
In the main dialog you need to select "Input script manually" and then press the button with the magnifying glass. An editor opens, into which the actual "scripts" are pasted. The script is started by pressing the button with the traffic light. The program asks once more whether we really mean it, and then offers an immediate restart of the whole system (recommended).

Code: Select all

Files to delete:
C:\WINDOWS\system32\sert.tmp
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am substituted by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support


Re: please check my log

Post by bery1979 » 03 Nov 2008 00:59

"Input script manually"

I can't find it :-(


Re: please check my log

Post by jaro3 » 03 Nov 2008 07:34

Well, it says "Input script here" there. Paste the script I gave you into that box and click Execute. It is all described in that link. Then post the Avenger log here.


Re: please check my log

Post by bery1979 » 03 Nov 2008 12:39

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 1)
Mon Nov 03 00:54:24 2008

00:54:24: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\sert.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: please check my log

Post by jaro3 » 03 Nov 2008 13:12

Fine, so now also post the HJT log.


Re: please check my log

Post by bery1979 » 03 Nov 2008 13:14

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:14, on 3.11.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Jiřina\Dokumenty\PC HELP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLATOR\WEBIE.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLATOR\WEBIE.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMail] "C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\Postak.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SC4.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NBJ] "E:\nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLATOR\WEBIE.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 6082150829
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://host13.nwt.cz/activex/AMC.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://hostyn.nwt.cz/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{4833501F-48DB-419C-B74A-8F2674D3C08D}: NameServer = 10.10.10.1,10.10.10.2
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 12154 bytes


Re: please check my log

Post by jaro3 » 03 Nov 2008 13:27

Install SP2.
Update IE to version 7.
Turn the resident protection of NOD32 and Spybot back on.
Uninstall Winamp Toolbar.

Fix in HJT:

Code: Select all

O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)


ComboFix is uninstalled like this:
Start - Run and enter ComboFix[space]/u

So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by Combo, SDFix, Avenger, MWAV etc. - download > run

Update Java:
Java SE Runtime Environment 6u10
That's all.
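As an added example, not part of this thread and not code from HijackThis or from the helper, the following Python script parses HijackThis O3/O8/O9 lines and flags the kind of orphaned entries the fix list above targets: targets marked "(file missing)" or "(no file)", and O8 context-menu items whose target is neither a local file nor a res:// resource. The sample lines are copied from the log posted in this thread; the line format and flagging rules are assumptions based on that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the HijackThis log posted earlier in this thread
# (constructed subset; the real log is longer).
SAMPLE_LOG = r"""
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Documents and Settings\BERY\Dokumenty\Hudba\Postak\Postak\SRank.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZCxdm485YYCZ
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O4 - HKLM\..\Run: [NodTrialReset] regedit /s NodTrialReset.reg
"""

# "O3 - <body>", "R1 - <body>", "F2 - <body>": section code, then the entry body.
LINE_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# A COM class id such as {B71B15CF-3093-459C-B764-AEB2486F2273}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    kind: str             # section code, e.g. "O9"
    label: str            # descriptive part, e.g. "Extra button: ICQ Lite"
    clsid: Optional[str]  # CLSID if the line carries one
    target: str           # file path, URL or other target after the last separator
    raw: str              # the original line


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    c = CLSID_RE.search(body)
    if c:
        # Split around the CLSID so labels containing " - " do not confuse us.
        label = body[: c.start()].rstrip(" -")
        target = body[c.end():].lstrip(" -")
        clsid: Optional[str] = c.group(0)
    elif " - " in body:
        label, target = body.split(" - ", 1)
        clsid = None
    else:
        label, target, clsid = body, "", None
    return Entry(kind, label, clsid, target.strip(), line.strip())


def flag_entry(e: Entry) -> Optional[str]:
    """Return a reason string when the entry looks orphaned or suspicious, else None."""
    if any(e.target.endswith(mk) for mk in ORPHAN_MARKERS):
        return "orphaned entry: referenced file does not exist"
    if e.kind == "O8":
        low = e.target.lower()
        # Legitimate context-menu items point at a res:// resource or a local file.
        if not (low.startswith("res://") or re.match(r"^[a-z]:\\", low)):
            return "context-menu target is neither a local file nor a res:// resource"
    return None


def review_log(text: str) -> List[Tuple[str, str]]:
    """Run the checks over a whole log; return (raw line, reason) pairs."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reason = flag_entry(e)
        if reason:
            findings.append((e.raw, reason))
    return findings


if __name__ == "__main__":
    for raw, reason in review_log(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```

The flagged lines are exactly the orphaned and non-file entries from the fix list above; an entry such as NeroFilterCheck, whose file exists, is not caught by these heuristics and still needs a human decision.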
