Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:34, on 8.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\pomoc\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8848746890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B980CDFD-3C18-4184-914D-85359D0E67C8}: NameServer = 10.254.254.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\..\{CBFB584B-75B6-416C-86B5-34523118B430}: NameServer = 85.255.115.19,85.255.112.121
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 11422 bytes
Prosím o kontr. logu - Win nevidí mechaniky
Prosím o kontr. logu - Win nevidí mechaniky
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43339
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontr. logu - Win nevidí mechaniky
Vypni rez. ochrany u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontr. logu - Win nevidí mechaniky
ComboFix 09-03-06.02 - Pecxa.33 2009-03-08 17:10:20.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.397 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pecxa.33\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Reset Cursor.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Seekmo Customer Support Center.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Seekmo Uninstall Instructions.lnk
c:\documents and settings\Petr\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\Petr\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\program files\Ofb1
c:\program files\Ofb1\Ofb1.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-08 14:37 . 2009-03-08 14:53 0 --a--c--- C:\23990098.$$$
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-08 14:01 . 2009-03-08 14:01 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-08 14:01 . 2009-03-08 14:01 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-08 14:01 . 2008-04-14 13:00 147,968 --a------ c:\windows\R.COM
2009-03-08 14:01 . 2008-04-14 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-03-08 14:01 . 2009-03-08 14:01 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-08 14:01 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-08 12:10 . 2009-03-08 12:10 4,958,588 --a------ c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-03-08 10:14 . 2009-03-08 10:14 <DIR> d----c--- C:\adaptec
2009-03-07 20:26 . 2009-03-07 20:26 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Pro
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-07 20:21 . 2009-03-07 20:21 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Lite
2009-03-07 18:45 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-07 18:45 . 2002-05-06 11:01 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Plocha
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní tiskárny
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní síť
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Oblíbené položky
2009-03-07 17:00 . 2009-01-09 12:59 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Šablony
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Nabídka Start
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Dokumenty
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Data aplikací
2009-03-07 17:00 . 2009-03-07 17:00 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 16:53 . 2009-03-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LogMeIn
2009-03-07 16:53 . 2008-05-28 12:32 87,352 --a------ c:\windows\system32\LMIinit.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 16:53 . 2008-05-28 12:33 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 16:53 . 2009-03-07 16:54 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 16:53 . 2009-03-07 16:54 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 16:53 . 2009-03-07 16:53 1,024 --a--c--- C:\.rnd
2009-03-07 16:52 . 2009-03-08 09:51 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 15:17 . 2009-03-07 15:18 <DIR> d-------- c:\program files\HWiNFO32
2009-02-22 14:27 . 2009-02-22 14:27 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-09 18:17 . 2009-02-09 18:18 <DIR> d-------- c:\program files\Counter-Strike 1.6 Patch Version 26
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 ----a-w c:\windows\system32\KAMENAK.scr
2009-03-08 16:12 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Skype
2009-03-08 15:08 --------- d-----w c:\program files\BitComet
2009-03-08 15:05 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\skypePM
2009-03-08 11:34 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Hamachi
2009-03-08 11:01 --------- d-----w c:\program files\CCleaner
2009-03-08 10:55 --------- d-----w c:\program files\Ahead
2009-03-08 10:27 --------- d-----w c:\program files\ICQToolbar
2009-03-08 08:35 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ Toolbar
2009-03-08 06:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-07 19:26 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools
2009-03-07 19:21 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-07 17:10 --------- d-----w c:\program files\D-Tools
2009-03-07 15:54 23,736 ----a-w c:\windows\system32\lmimirr.dll
2009-03-07 15:54 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2009-03-07 15:40 --------- d-----w c:\program files\Ares
2009-02-27 17:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 17:48 --------- d-----w c:\program files\Hamachi
2009-02-09 16:52 --------- d-----w c:\program files\epson
2009-02-09 16:32 --------- d-----w c:\program files\Valve
2009-02-07 08:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 08:18 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ
2009-02-03 19:29 24,344 -c--a-w c:\documents and settings\Pecxa.33\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-28 15:21 --------- d-----w c:\program files\QIP
2009-01-26 16:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-20 14:47 --------- d-----w c:\documents and settings\Fica\Data aplikací\ESET
2009-01-19 18:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-18 11:22 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\OpenOffice.org
2009-01-15 18:47 --------- d-----w c:\program files\MediaCoder
2009-01-14 19:33 --------- d-----w c:\program files\QIP Infium
2009-01-14 19:32 --------- d-----w c:\program files\CSM2002
2009-01-14 14:43 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ESET
2009-01-09 15:14 --------- d-----w c:\program files\Yahoo!
2009-01-09 15:13 --------- d-----w c:\program files\Google
2009-01-09 15:12 --------- d-----w c:\documents and settings\LuciE!E\Data aplikací\ESET
2009-01-09 15:09 --------- d-----w c:\program files\ESET
2009-01-02 13:18 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2009-01-02 13:18 17,212 -c--atw c:\windows\system32\SIntf32.dll
2009-01-02 13:18 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 16:27 410,780 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
2008-03-02 15:10 20,168 -c--a-w c:\documents and settings\Fica\Data aplikací\GDIPFONTCACHEV1.DAT
2008-02-26 13:29 20,168 -c--a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 659456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"CTHelper"="CTHELPER.EXE" [2005-06-18 c:\windows\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Pecxa.33\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-01-26 624416]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-09-22 57344]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-05-15 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-03-07 16:54 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9667:TCP"= 9667:TCP:BitComet 9667 TCP
"9667:UDP"= 9667:UDP:BitComet 9667 UDP
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-03-07 16872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FLASHSYS
*NewlyCreated* - WEBNTACCESS
*Deregistered* - FLASHSYS
*Deregistered* - WEBNTACCESS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8935de2-d330-11dd-8fea-0013d39cc1f3}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-LiveMonitor - c:\program files\MSI\Live Update 3\LMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {B980CDFD-3C18-4184-914D-85359D0E67C8} = 10.254.254.254
FF - ProfilePath - c:\documents and settings\Pecxa.33\Data aplikací\Mozilla\Firefox\Profiles\fveh1add.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 17:12:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2009-03-08 17:13:39
ComboFix-quarantined-files.txt 2009-03-08 16:13:22
Před spuštěním: 2,937,565,184
Po spuštění: 3,595,300,864
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
247 --- E O F --- 2009-02-26 20:43:24
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.397 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pecxa.33\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Reset Cursor.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Seekmo Customer Support Center.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Seekmo\Seekmo Uninstall Instructions.lnk
c:\documents and settings\Petr\Local Settings\Temporary Internet Files\MAILTRAN.INI
c:\documents and settings\Petr\Local Settings\Temporary Internet Files\TRNCOM.INI
c:\program files\Ofb1
c:\program files\Ofb1\Ofb1.dll
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-08 14:37 . 2009-03-08 14:53 0 --a--c--- C:\23990098.$$$
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-08 14:01 . 2009-03-08 14:01 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-08 14:01 . 2009-03-08 14:01 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-08 14:01 . 2008-04-14 13:00 147,968 --a------ c:\windows\R.COM
2009-03-08 14:01 . 2008-04-14 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-03-08 14:01 . 2009-03-08 14:01 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-08 14:01 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-08 12:10 . 2009-03-08 12:10 4,958,588 --a------ c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-03-08 10:14 . 2009-03-08 10:14 <DIR> d----c--- C:\adaptec
2009-03-07 20:26 . 2009-03-07 20:26 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Pro
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-07 20:21 . 2009-03-07 20:21 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Lite
2009-03-07 18:45 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-07 18:45 . 2002-05-06 11:01 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Plocha
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní tiskárny
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní síť
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Oblíbené položky
2009-03-07 17:00 . 2009-01-09 12:59 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Šablony
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Nabídka Start
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Dokumenty
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Data aplikací
2009-03-07 17:00 . 2009-03-07 17:00 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 16:53 . 2009-03-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LogMeIn
2009-03-07 16:53 . 2008-05-28 12:32 87,352 --a------ c:\windows\system32\LMIinit.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 16:53 . 2008-05-28 12:33 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 16:53 . 2009-03-07 16:54 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 16:53 . 2009-03-07 16:54 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 16:53 . 2009-03-07 16:53 1,024 --a--c--- C:\.rnd
2009-03-07 16:52 . 2009-03-08 09:51 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 15:17 . 2009-03-07 15:18 <DIR> d-------- c:\program files\HWiNFO32
2009-02-22 14:27 . 2009-02-22 14:27 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-09 18:17 . 2009-02-09 18:18 <DIR> d-------- c:\program files\Counter-Strike 1.6 Patch Version 26
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 ----a-w c:\windows\system32\KAMENAK.scr
2009-03-08 16:12 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Skype
2009-03-08 15:08 --------- d-----w c:\program files\BitComet
2009-03-08 15:05 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\skypePM
2009-03-08 11:34 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Hamachi
2009-03-08 11:01 --------- d-----w c:\program files\CCleaner
2009-03-08 10:55 --------- d-----w c:\program files\Ahead
2009-03-08 10:27 --------- d-----w c:\program files\ICQToolbar
2009-03-08 08:35 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ Toolbar
2009-03-08 06:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-07 19:26 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools
2009-03-07 19:21 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-07 17:10 --------- d-----w c:\program files\D-Tools
2009-03-07 15:54 23,736 ----a-w c:\windows\system32\lmimirr.dll
2009-03-07 15:54 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2009-03-07 15:40 --------- d-----w c:\program files\Ares
2009-02-27 17:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 17:48 --------- d-----w c:\program files\Hamachi
2009-02-09 16:52 --------- d-----w c:\program files\epson
2009-02-09 16:32 --------- d-----w c:\program files\Valve
2009-02-07 08:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 08:18 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ
2009-02-03 19:29 24,344 -c--a-w c:\documents and settings\Pecxa.33\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-28 15:21 --------- d-----w c:\program files\QIP
2009-01-26 16:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-20 14:47 --------- d-----w c:\documents and settings\Fica\Data aplikací\ESET
2009-01-19 18:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-18 11:22 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\OpenOffice.org
2009-01-15 18:47 --------- d-----w c:\program files\MediaCoder
2009-01-14 19:33 --------- d-----w c:\program files\QIP Infium
2009-01-14 19:32 --------- d-----w c:\program files\CSM2002
2009-01-14 14:43 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ESET
2009-01-09 15:14 --------- d-----w c:\program files\Yahoo!
2009-01-09 15:13 --------- d-----w c:\program files\Google
2009-01-09 15:12 --------- d-----w c:\documents and settings\LuciE!E\Data aplikací\ESET
2009-01-09 15:09 --------- d-----w c:\program files\ESET
2009-01-02 13:18 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2009-01-02 13:18 17,212 -c--atw c:\windows\system32\SIntf32.dll
2009-01-02 13:18 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 16:27 410,780 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
2008-03-02 15:10 20,168 -c--a-w c:\documents and settings\Fica\Data aplikací\GDIPFONTCACHEV1.DAT
2008-02-26 13:29 20,168 -c--a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 659456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"CTHelper"="CTHELPER.EXE" [2005-06-18 c:\windows\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Pecxa.33\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-01-26 624416]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-09-22 57344]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-05-15 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-03-07 16:54 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9667:TCP"= 9667:TCP:BitComet 9667 TCP
"9667:UDP"= 9667:UDP:BitComet 9667 UDP
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-03-07 16872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - FLASHSYS
*NewlyCreated* - WEBNTACCESS
*Deregistered* - FLASHSYS
*Deregistered* - WEBNTACCESS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8935de2-d330-11dd-8fea-0013d39cc1f3}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
MSConfigStartUp-LiveMonitor - c:\program files\MSI\Live Update 3\LMonitor.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {B980CDFD-3C18-4184-914D-85359D0E67C8} = 10.254.254.254
FF - ProfilePath - c:\documents and settings\Pecxa.33\Data aplikací\Mozilla\Firefox\Profiles\fveh1add.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 17:12:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1300)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2009-03-08 17:13:39
ComboFix-quarantined-files.txt 2009-03-08 16:13:22
Před spuštěním: 2,937,565,184
Po spuštění: 3,595,300,864
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
247 --- E O F --- 2009-02-26 20:43:24
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43339
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontr. logu - Win nevidí mechaniky
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
C:\.rnd
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
Vlož sem pak odkazy výsledků.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Toto otestuj na Virustotal
C:\.rnd
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll
c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
Vlož sem pak odkazy výsledků.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontr. logu - Win nevidí mechaniky
ComboFix 09-03-06.02 - Pecxa.33 2009-03-08 18:48:50.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.451 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pecxa.33\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pecxa.33\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-08 18:10 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI2K.BAK
2009-03-08 18:10 . 2002-05-06 11:01 16,512 --a------ c:\windows\system32\drivers\ASPI2K.BAK
2009-03-08 18:10 . 2001-04-19 17:34 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-03-08 18:10 . 2001-04-19 17:34 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-03-08 14:37 . 2009-03-08 14:53 0 --a--c--- C:\23990098.$$$
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-08 14:01 . 2009-03-08 14:01 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-08 14:01 . 2009-03-08 14:01 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-08 14:01 . 2008-04-14 13:00 147,968 --a------ c:\windows\R.COM
2009-03-08 14:01 . 2008-04-14 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-03-08 14:01 . 2009-03-08 14:01 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-08 14:01 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-08 12:10 . 2009-03-08 12:10 4,958,588 --a------ c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-03-08 10:14 . 2009-03-08 10:14 <DIR> d----c--- C:\adaptec
2009-03-07 20:26 . 2009-03-07 20:26 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Pro
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-07 20:21 . 2009-03-07 20:21 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Lite
2009-03-07 18:45 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-07 18:45 . 2002-05-06 11:01 17,005 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Plocha
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní tiskárny
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní síť
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Oblíbené položky
2009-03-07 17:00 . 2009-01-09 12:59 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Šablony
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Nabídka Start
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Dokumenty
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Data aplikací
2009-03-07 17:00 . 2009-03-07 17:00 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 16:53 . 2009-03-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LogMeIn
2009-03-07 16:53 . 2008-05-28 12:32 87,352 --a------ c:\windows\system32\LMIinit.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 16:53 . 2008-05-28 12:33 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 16:53 . 2009-03-07 16:54 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 16:53 . 2009-03-07 16:54 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 16:53 . 2009-03-07 16:53 1,024 --a--c--- C:\.rnd
2009-03-07 16:52 . 2009-03-08 09:51 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 15:17 . 2009-03-07 15:18 <DIR> d-------- c:\program files\HWiNFO32
2009-02-22 14:27 . 2009-02-22 14:27 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-09 18:17 . 2009-02-09 18:18 <DIR> d-------- c:\program files\Counter-Strike 1.6 Patch Version 26
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 ----a-w c:\windows\system32\KAMENAK.scr
2009-03-08 17:51 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Skype
2009-03-08 17:17 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Hamachi
2009-03-08 15:08 --------- d-----w c:\program files\BitComet
2009-03-08 15:05 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\skypePM
2009-03-08 11:01 --------- d-----w c:\program files\CCleaner
2009-03-08 10:55 --------- d-----w c:\program files\Ahead
2009-03-08 10:27 --------- d-----w c:\program files\ICQToolbar
2009-03-08 08:35 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ Toolbar
2009-03-08 06:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-07 19:26 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools
2009-03-07 19:21 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-07 17:10 --------- d-----w c:\program files\D-Tools
2009-03-07 15:54 23,736 ----a-w c:\windows\system32\lmimirr.dll
2009-03-07 15:54 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2009-03-07 15:40 --------- d-----w c:\program files\Ares
2009-02-27 17:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 17:48 --------- d-----w c:\program files\Hamachi
2009-02-09 16:52 --------- d-----w c:\program files\epson
2009-02-09 16:32 --------- d-----w c:\program files\Valve
2009-02-07 08:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 08:18 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ
2009-02-03 19:29 24,344 -c--a-w c:\documents and settings\Pecxa.33\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-28 15:21 --------- d-----w c:\program files\QIP
2009-01-26 16:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-20 14:47 --------- d-----w c:\documents and settings\Fica\Data aplikací\ESET
2009-01-19 18:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-18 11:22 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\OpenOffice.org
2009-01-15 18:47 --------- d-----w c:\program files\MediaCoder
2009-01-14 19:33 --------- d-----w c:\program files\QIP Infium
2009-01-14 19:32 --------- d-----w c:\program files\CSM2002
2009-01-14 14:43 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ESET
2009-01-09 15:14 --------- d-----w c:\program files\Yahoo!
2009-01-09 15:13 --------- d-----w c:\program files\Google
2009-01-09 15:12 --------- d-----w c:\documents and settings\LuciE!E\Data aplikací\ESET
2009-01-09 15:09 --------- d-----w c:\program files\ESET
2009-01-02 13:18 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2009-01-02 13:18 17,212 -c--atw c:\windows\system32\SIntf32.dll
2009-01-02 13:18 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 16:27 410,780 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
2008-03-02 15:10 20,168 -c--a-w c:\documents and settings\Fica\Data aplikací\GDIPFONTCACHEV1.DAT
2008-02-26 13:29 20,168 -c--a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 659456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"CTHelper"="CTHELPER.EXE" [2005-06-18 c:\windows\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Pecxa.33\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-01-26 624416]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-09-22 57344]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-05-15 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-03-07 16:54 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9667:TCP"= 9667:TCP:BitComet 9667 TCP
"9667:UDP"= 9667:UDP:BitComet 9667 UDP
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-03-07 16872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8935de2-d330-11dd-8fea-0013d39cc1f3}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {B980CDFD-3C18-4184-914D-85359D0E67C8} = 10.254.254.254
FF - ProfilePath - c:\documents and settings\Pecxa.33\Data aplikací\Mozilla\Firefox\Profiles\fveh1add.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:51:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2009-03-08 18:53:19
ComboFix-quarantined-files.txt 2009-03-08 17:53:00
ComboFix2.txt 2009-03-08 16:13:41
Před spuštěním: 3 622 494 208
Po spuštění: 3,614,765,056
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
218 --- E O F --- 2009-02-26 20:43:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:54, on 8.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\pomoc\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8848746890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B980CDFD-3C18-4184-914D-85359D0E67C8}: NameServer = 10.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\..\{CBFB584B-75B6-416C-86B5-34523118B430}: NameServer = 85.255.115.19,85.255.112.121
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10383 bytes
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.1023.451 [GMT 1:00]
Spuštěný z: c:\documents and settings\Pecxa.33\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Pecxa.33\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-08 18:10 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI2K.BAK
2009-03-08 18:10 . 2002-05-06 11:01 16,512 --a------ c:\windows\system32\drivers\ASPI2K.BAK
2009-03-08 18:10 . 2001-04-19 17:34 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-03-08 18:10 . 2001-04-19 17:34 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-03-08 14:37 . 2009-03-08 14:53 0 --a--c--- C:\23990098.$$$
2009-03-08 14:01 . 2009-03-08 14:01 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-03-08 14:01 . 2009-03-08 14:01 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-03-08 14:01 . 2009-03-08 14:01 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-03-08 14:01 . 2008-04-14 13:00 147,968 --a------ c:\windows\R.COM
2009-03-08 14:01 . 2008-04-14 13:00 137,216 --a------ c:\windows\system32\T.COM
2009-03-08 14:01 . 2009-03-08 14:01 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-03-08 14:01 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-03-08 12:10 . 2009-03-08 12:10 4,958,588 --a------ c:\windows\{00000001-00000000-00000008-00001102-00000008-10211102}.BAK
2009-03-08 10:14 . 2009-03-08 10:14 <DIR> d----c--- C:\adaptec
2009-03-07 20:26 . 2009-03-07 20:26 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Pro
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-07 20:25 . 2009-03-07 20:25 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-07 20:21 . 2009-03-07 20:21 <DIR> d-------- c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools Lite
2009-03-07 18:45 . 2002-05-06 11:01 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-07 18:45 . 2002-05-06 11:01 17,005 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Plocha
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní tiskárny
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Okolní síť
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Oblíbené položky
2009-03-07 17:00 . 2009-01-09 12:59 <DIR> d--h----- c:\documents and settings\LogMeInRemoteUser\Šablony
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr------- c:\documents and settings\LogMeInRemoteUser\Nabídka Start
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser\Dokumenty
2009-03-07 17:00 . 2004-01-01 01:39 <DIR> dr-h----- c:\documents and settings\LogMeInRemoteUser\Data aplikací
2009-03-07 17:00 . 2009-03-07 17:00 <DIR> d-------- c:\documents and settings\LogMeInRemoteUser
2009-03-07 16:53 . 2009-03-07 16:53 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\LogMeIn
2009-03-07 16:53 . 2008-05-28 12:32 87,352 --a------ c:\windows\system32\LMIinit.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 87,352 --a------ c:\windows\system32\LMIinit.dll
2009-03-07 16:53 . 2008-05-28 12:33 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll.000.bak
2009-03-07 16:53 . 2009-03-07 16:54 83,288 --a------ c:\windows\system32\LMIRfsClientNP.dll
2009-03-07 16:53 . 2009-03-07 16:54 47,640 --a------ c:\windows\system32\drivers\LMIRfsDriver.sys
2009-03-07 16:53 . 2009-03-07 16:54 28,984 --a------ c:\windows\system32\LMIport.dll
2009-03-07 16:53 . 2009-03-07 16:53 1,024 --a--c--- C:\.rnd
2009-03-07 16:52 . 2009-03-08 09:51 <DIR> d-------- c:\program files\LogMeIn
2009-03-07 15:17 . 2009-03-07 15:18 <DIR> d-------- c:\program files\HWiNFO32
2009-02-22 14:27 . 2009-02-22 14:27 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-02-09 18:17 . 2009-02-09 18:18 <DIR> d-------- c:\program files\Counter-Strike 1.6 Patch Version 26
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 1,130,354 ----a-w c:\windows\system32\KAMENAK.scr
2009-03-08 17:51 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Skype
2009-03-08 17:17 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\Hamachi
2009-03-08 15:08 --------- d-----w c:\program files\BitComet
2009-03-08 15:05 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\skypePM
2009-03-08 11:01 --------- d-----w c:\program files\CCleaner
2009-03-08 10:55 --------- d-----w c:\program files\Ahead
2009-03-08 10:27 --------- d-----w c:\program files\ICQToolbar
2009-03-08 08:35 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ Toolbar
2009-03-08 06:38 --------- d-----w c:\documents and settings\All Users\Data aplikací\TrackMania
2009-03-07 19:26 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\DAEMON Tools
2009-03-07 19:21 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-07 17:10 --------- d-----w c:\program files\D-Tools
2009-03-07 15:54 23,736 ----a-w c:\windows\system32\lmimirr.dll
2009-03-07 15:54 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2009-03-07 15:40 --------- d-----w c:\program files\Ares
2009-02-27 17:51 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 17:48 --------- d-----w c:\program files\Hamachi
2009-02-09 16:52 --------- d-----w c:\program files\epson
2009-02-09 16:32 --------- d-----w c:\program files\Valve
2009-02-07 08:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 08:18 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ICQ
2009-02-03 19:29 24,344 -c--a-w c:\documents and settings\Pecxa.33\Data aplikací\GDIPFONTCACHEV1.DAT
2009-01-28 15:21 --------- d-----w c:\program files\QIP
2009-01-26 16:44 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-20 14:47 --------- d-----w c:\documents and settings\Fica\Data aplikací\ESET
2009-01-19 18:06 --------- d-----w c:\program files\OpenOffice.org 3
2009-01-18 11:22 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\OpenOffice.org
2009-01-15 18:47 --------- d-----w c:\program files\MediaCoder
2009-01-14 19:33 --------- d-----w c:\program files\QIP Infium
2009-01-14 19:32 --------- d-----w c:\program files\CSM2002
2009-01-14 14:43 --------- d-----w c:\documents and settings\Pecxa.33\Data aplikací\ESET
2009-01-09 15:14 --------- d-----w c:\program files\Yahoo!
2009-01-09 15:13 --------- d-----w c:\program files\Google
2009-01-09 15:12 --------- d-----w c:\documents and settings\LuciE!E\Data aplikací\ESET
2009-01-09 15:09 --------- d-----w c:\program files\ESET
2009-01-02 13:18 21,840 -c--atw c:\windows\system32\SIntfNT.dll
2009-01-02 13:18 17,212 -c--atw c:\windows\system32\SIntf32.dll
2009-01-02 13:18 12,067 -c--atw c:\windows\system32\SIntf16.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 16:27 410,780 ----a-w c:\windows\MarioForever_Toolbar_Uninstaller_6687.exe
2008-03-02 15:10 20,168 -c--a-w c:\documents and settings\Fica\Data aplikací\GDIPFONTCACHEV1.DAT
2008-02-26 13:29 20,168 -c--a-w c:\documents and settings\Petr\Data aplikací\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-23 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTDVDDET"="c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-09-28 659456]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-10-24 1451264]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"CTHelper"="CTHELPER.EXE" [2005-06-18 c:\windows\CTHELPER.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]
c:\documents and settings\Pecxa.33\Nabˇdka Start\Programy\Po spuçtŘnˇ\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-01-26 624416]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Hlavnˇ panel ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-09-22 57344]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-05-15 98304]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-03-07 16:54 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *sprestrt
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9667:TCP"= 9667:TCP:BitComet 9667 TCP
"9667:UDP"= 9667:UDP:BitComet 9667 UDP
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2009-03-07 16872]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-10-24 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-02-28 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-07 47640]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2008-04-14 69120]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8935de2-d330-11dd-8fea-0013d39cc1f3}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {B980CDFD-3C18-4184-914D-85359D0E67C8} = 10.254.254.254
FF - ProfilePath - c:\documents and settings\Pecxa.33\Data aplikací\Mozilla\Firefox\Profiles\fveh1add.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:51:40
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Celkový čas: 2009-03-08 18:53:19
ComboFix-quarantined-files.txt 2009-03-08 17:53:00
ComboFix2.txt 2009-03-08 16:13:41
Před spuštěním: 3 622 494 208
Po spuštění: 3,614,765,056
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
218 --- E O F --- 2009-02-26 20:43:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:54, on 8.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\pomoc\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8848746890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B980CDFD-3C18-4184-914D-85359D0E67C8}: NameServer = 10.254.254.254
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O17 - HKLM\System\CS2\Services\Tcpip\..\{CBFB584B-75B6-416C-86B5-34523118B430}: NameServer = 85.255.115.19,85.255.112.121
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.121
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10383 bytes
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
Re: Prosím o kontr. logu - Win nevidí mechaniky
http://www.virustotal.com/cs/analisis/e ... 2a690c3c99
http://www.virustotal.com/cs/analisis/f ... 891e10a292
http://www.virustotal.com/cs/analisis/3 ... ed05eb4b1b
http://www.virustotal.com/cs/analisis/6 ... 90a5dbe10a
http://www.virustotal.com/cs/analisis/8 ... 4a2be5392c
http://www.virustotal.com/cs/analisis/f ... 891e10a292
http://www.virustotal.com/cs/analisis/3 ... ed05eb4b1b
http://www.virustotal.com/cs/analisis/6 ... 90a5dbe10a
http://www.virustotal.com/cs/analisis/8 ... 4a2be5392c
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43339
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontr. logu - Win nevidí mechaniky
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontr. logu - Win nevidí mechaniky
Omlouvám se za zpoždění
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1831
Windows 5.1.2600 Service Pack 3
10.3.2009 19:37:47
mbam-log-2009-03-10 (19-37-40).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86860
Uplynulý cas: 5 minute(s), 1 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 18
Infikované hodnoty registru: 0
Infikované položky dat registru: 8
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1831
Windows 5.1.2600 Service Pack 3
10.3.2009 19:37:47
mbam-log-2009-03-10 (19-37-40).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86860
Uplynulý cas: 5 minute(s), 1 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 18
Infikované hodnoty registru: 0
Infikované položky dat registru: 8
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> No action taken.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> No action taken.
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43339
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontr. logu - Win nevidí mechaniky
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log + nový log z HJT.
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log + nový log z HJT.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontr. logu - Win nevidí mechaniky
Malwarebytes' Anti-Malware 1.34
Verze databáze: 1831
Windows 5.1.2600 Service Pack 3
10.3.2009 20:06:20
mbam-log-2009-03-10 (20-06-20).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86913
Uplynulý cas: 4 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 18
Infikované hodnoty registru: 0
Infikované položky dat registru: 8
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 10.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\pomoc\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8848746890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B980CDFD-3C18-4184-914D-85359D0E67C8}: NameServer = 10.254.254.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10383 bytes
Restarováno!!!
Verze databáze: 1831
Windows 5.1.2600 Service Pack 3
10.3.2009 20:06:20
mbam-log-2009-03-10 (20-06-20).txt
Typ skenu: Rychlý sken
Objektu skenováno: 86913
Uplynulý cas: 4 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 18
Infikované hodnoty registru: 0
Infikované položky dat registru: 8
Infikované složky: 0
Infikované soubory: 2
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54a3f8b7-228e-4ed8-895b-de832b2c3959} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1f158a1e-a687-4a11-9679-b3ac64b86a1c} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e313f5dc-cfe7-4568-84a4-c76653547571} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{914a8f99-38e4-47ec-b875-2b0653516030} (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Adware.BHO) -> Quarantined and deleted successfully.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19 85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cbfb584b-75b6-416c-86b5-34523118b430}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{d1adb660-625d-467d-9af4-1e00a93f3859}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.19,85.255.112.121 -> Quarantined and deleted successfully.
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
C:\WINDOWS\system32\systems.txt (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\ICQToolbar\toolbaru.dll (Adware.BHO) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:33, on 10.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
F:\pomoc\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1957994488-1532298954-682003330-1047\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Hlavní panel ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8848746890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B980CDFD-3C18-4184-914D-85359D0E67C8}: NameServer = 10.254.254.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINDOWS\system32\OOD2000.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10383 bytes
Restarováno!!!
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43339
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontr. logu - Win nevidí mechaniky
O.K.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Nainstaluj si javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Pokud nejsou problémy , je to vše.
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u
takže jestli nejsou problémy,tak vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Nainstaluj si javu:
Java SE Runtime Environment 6u12
Vyber OS ( předpokládám Windows), zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u12-windows-i586-p.exe
Pokud nejsou problémy , je to vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Prosím o kontr. logu - Win nevidí mechaniky
super - dííky mooc.
Nevíš o někom kdo by mi pomohl s těmi nefunkčními mechanikami?
BIOS je vidí a normálně BOOTují, Win ovšem je nevidí. Už jsem pročetl a zkusil kdeco - marně a nechce se mi instalovat OS.
Nevíš o někom kdo by mi pomohl s těmi nefunkčními mechanikami?
BIOS je vidí a normálně BOOTují, Win ovšem je nevidí. Už jsem pročetl a zkusil kdeco - marně a nechce se mi instalovat OS.
NB: HP ProBook 4720s (XX838EA)
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
PC: AMD Phenom II X4 925; MB GA-770T-USB3; RAM Zeppelin Gold - Evolve 4GB (kit 2x 2GB) 1600MHz; Sapphire ATI Radeon HD 5750 512MB DDR5; W7 HP 64-bit.
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 4 hosti