ahoj potreboval by som skontrolovat log lebo mi strasne ide pomaly PC
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:56, on 17.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
D:\uživatelia\Matej\Miranda IM\miranda32.exe
D:\uživatelia\Matej\pre PC\HJT\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [iv] "C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://arcade.icq.com/online/online2/lu ... uncher.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c98fa4c6fabf20) (gupdate1c98fa4c6fabf20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7095 bytes
Kontrola logu z HJT
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
pls skontrolujte to niekto. nemsite hned ale len napiste ze sa na to kuknete
-
Marek Minkes
- Level 2
- Příspěvky: 190
- Registrován: březen 09
- Bydliště: Praha
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
Cauky Jaro3 se ti na to na 100 pero mrkne jestli ne dnes tak zitra tak se neboj 
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1862
Windows 5.1.2600 Service Pack 2
18.3.2009 15:30:18
mbam-log-2009-03-18 (15-30-09).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 74115
Uplynutý cas: 3 minute(s), 16 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 4
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 5
Infikovaných súborov: 25
Infikovaných procesov pamäte:
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itgrdengine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine (Trojan.FakeAlert) -> No action taken.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\iv (Rogue.InternetAntivirus) -> No action taken.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages (Rogue.InternetAntivirus) -> No action taken.
Infikovaných súborov:
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\Timeout.inf (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\activate.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Explorer.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\unins000.dat (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\uninstall.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\working.log (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db\ia080614.db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Common Files\file.exe (Rogue.InternetAntivirus) -> No action taken.
Verzia databázy: 1862
Windows 5.1.2600 Service Pack 2
18.3.2009 15:30:18
mbam-log-2009-03-18 (15-30-09).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 74115
Uplynutý cas: 3 minute(s), 16 second(s)
Infikovaných procesov pamäte: 1
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 4
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 3
Infikovaných priecinkov: 5
Infikovaných súborov: 25
Infikovaných procesov pamäte:
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\itgrdengine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\itgrdengine (Trojan.FakeAlert) -> No action taken.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\iv (Rogue.InternetAntivirus) -> No action taken.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages (Rogue.InternetAntivirus) -> No action taken.
Infikovaných súborov:
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\settings.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\uill.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\unins000.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\Uninstall Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\config.cfg (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\Timeout.inf (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Internet Antivirus Pro\db\Urls.inf (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\activate.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Explorer.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\unins000.dat (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\uninstall.ico (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\working.log (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db\DBInfo.ver (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\db\ia080614.db (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAEs.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAFr.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAGer.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Internet Antivirus Pro\Languages\IAIt.lng (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\pguard.ini (Rogue.InternetAntivirus) -> No action taken.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Internet Explorer\iv.exe (Rogue.InternetAntivirus) -> No action taken.
C:\Documents and Settings\fk\Application Data\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\fk\Local Settings\Application Data\Microsoft\Windows\services.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Common Files\file.exe (Rogue.InternetAntivirus) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Po odvirování si stáhni nějaký free antivir (Avast, Avira, AVG...).
Poté :
Vypni rez. štít u SpywareTerminatora.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.
Po odvirování si stáhni nějaký free antivir (Avast, Avira, AVG...).
Poté :
Vypni rez. štít u SpywareTerminatora.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
tento log neviem ci bude dobry lebo hned ked som dal odstranit tie subory tak mi automaticky restartovalo PC ale potom som urobil novy
Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1862
Windows 5.1.2600 Service Pack 2
18.3.2009 17:09:48
mbam-log-2009-03-18 (17-09-48).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73957
Uplynutý cas: 2 minute(s), 21 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
(Žiadne škodlivé položky)
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
(Žiadne škodlivé položky)
Malwarebytes' Anti-Malware 1.34
Verzia databázy: 1862
Windows 5.1.2600 Service Pack 2
18.3.2009 17:09:48
mbam-log-2009-03-18 (17-09-48).txt
Typ kontroly: Rýchla
Objektov kontrolovaných: 73957
Uplynutý cas: 2 minute(s), 21 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
(Žiadne škodlivé položky)
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
(Žiadne škodlivé položky)
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
ComboFix 09-03-15.01 - fk 2009-03-18 17:11:54.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.624 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:25 . 2009-03-18 15:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:25 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 17:55 . 2009-03-17 17:55 <DIR> d-------- c:\program files\CCleaner
2009-03-15 15:13 . 2009-03-15 15:16 <DIR> d-------- c:\program files\ICQ6.5
2009-03-09 19:35 . 2009-03-18 15:26 235 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-03-09 14:31 . 2009-03-16 18:20 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-09 13:49 . 2009-03-17 17:57 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 <DIR> d-------- c:\program files\Crawler
2009-03-09 13:49 . 2009-03-18 17:09 <DIR> d-------- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-17 22:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-25 10:56 . 2009-02-25 10:56 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-23 20:47 . 2009-02-23 20:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-23 20:41 . 2009-02-23 20:47 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 13:39 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-03-17 08:34 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-03-09 18:52 --------- d-----w c:\program files\ICQ6
2009-03-09 13:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-25 15:52 --------- d--h--w c:\program files\Miranda IM
2009-02-24 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 19:47 --------- d-----w c:\program files\Java
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:27 --------- d-----w c:\program files\UberIcon
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 18:23 --------- d-----w c:\program files\7-Zip
2009-02-15 18:18 --------- d-----w c:\documents and settings\fk\Application Data\360desktop
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 20:49 --------- d-----w c:\documents and settings\fk\Application Data\gtk-2.0
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-25 12:32 --------- d-----w c:\program files\GIMP-2.0
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:29 22,328 ----a-w c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-09 2233856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\uživatelia\\Matej\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-09 142592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-03-18 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Internet Antivirus Pro - c:\program files\Internet Antivirus Pro\IAPro.exe
MSConfigStartUp-Microsoft Windows logon process - c:\documents and settings\fk\Application Data\Microsoft\Windows\winlogon.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 17:13:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-03-18 17:13:58
ComboFix-quarantined-files.txt 2009-03-18 16:13:57
Pre-Run: 31 269 744 640 bytes free
Post-Run: 13 adresárov, 31,260,725,248 voľných bajtov
206 --- E O F --- 2008-04-10 11:34:20
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.624 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:25 . 2009-03-18 15:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:25 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 17:55 . 2009-03-17 17:55 <DIR> d-------- c:\program files\CCleaner
2009-03-15 15:13 . 2009-03-15 15:16 <DIR> d-------- c:\program files\ICQ6.5
2009-03-09 19:35 . 2009-03-18 15:26 235 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-03-09 14:31 . 2009-03-16 18:20 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-09 13:49 . 2009-03-17 17:57 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 <DIR> d-------- c:\program files\Crawler
2009-03-09 13:49 . 2009-03-18 17:09 <DIR> d-------- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-17 22:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-25 10:56 . 2009-02-25 10:56 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-23 20:47 . 2009-02-23 20:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-23 20:41 . 2009-02-23 20:47 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-22 11:11 . 2009-02-22 11:11 0 --a------ c:\windows\ativpsrm.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 13:39 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-03-17 08:34 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-03-09 18:52 --------- d-----w c:\program files\ICQ6
2009-03-09 13:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-25 15:52 --------- d--h--w c:\program files\Miranda IM
2009-02-24 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 19:47 --------- d-----w c:\program files\Java
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:27 --------- d-----w c:\program files\UberIcon
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 18:23 --------- d-----w c:\program files\7-Zip
2009-02-15 18:18 --------- d-----w c:\documents and settings\fk\Application Data\360desktop
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 20:49 --------- d-----w c:\documents and settings\fk\Application Data\gtk-2.0
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-25 12:32 --------- d-----w c:\program files\GIMP-2.0
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:29 22,328 ----a-w c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-09 2233856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\uživatelia\\Matej\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-09 142592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-03-18 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
2008-10-23 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Internet Antivirus Pro - c:\program files\Internet Antivirus Pro\IAPro.exe
MSConfigStartUp-Microsoft Windows logon process - c:\documents and settings\fk\Application Data\Microsoft\Windows\winlogon.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 17:13:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-03-18 17:13:58
ComboFix-quarantined-files.txt 2009-03-18 16:13:57
Pre-Run: 31 269 744 640 bytes free
Post-Run: 13 adresárov, 31,260,725,248 voľných bajtov
206 --- E O F --- 2008-04-10 11:34:20
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
Odinstaluj: Winferno
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\ativpsrm.bin
c:\windows\Tasks\rpc.job
c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
Folder::
c:\program files\Winferno
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
pepaz ze sa pytam ale ja neve, co je to Winferno a ked som dal to vyhladat v PC tak mi nic nenaslo
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
O.K. pokračuj tím scriptem ,ten to odstřelí. Kouknu se zítra...
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
mates13494
- Level 1.5
- Příspěvky: 103
- Registrován: únor 09
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu z HJT
ComboFix 09-03-15.01 - fk 2009-03-18 21:01:26.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.618 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fk\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
c:\windows\ativpsrm.bin
c:\windows\Tasks\rpc.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ativpsrm.bin
c:\windows\Tasks\rpc.job
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:25 . 2009-03-18 15:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:25 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 17:55 . 2009-03-17 17:55 <DIR> d-------- c:\program files\CCleaner
2009-03-15 15:13 . 2009-03-15 15:16 <DIR> d-------- c:\program files\ICQ6.5
2009-03-09 19:35 . 2009-03-18 15:26 235 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-03-09 14:31 . 2009-03-16 18:20 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-09 13:49 . 2009-03-17 17:57 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 <DIR> d-------- c:\program files\Crawler
2009-03-09 13:49 . 2009-03-18 21:00 <DIR> d-------- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-17 22:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-25 10:56 . 2009-02-25 10:56 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-23 20:47 . 2009-02-23 20:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-23 20:41 . 2009-02-23 20:47 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 19:52 --------- d-----w c:\documents and settings\fk\Application Data\gtk-2.0
2009-03-17 13:39 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-03-17 08:34 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-03-09 18:52 --------- d-----w c:\program files\ICQ6
2009-03-09 13:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-25 15:52 --------- d--h--w c:\program files\Miranda IM
2009-02-24 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 19:47 --------- d-----w c:\program files\Java
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:27 --------- d-----w c:\program files\UberIcon
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 18:23 --------- d-----w c:\program files\7-Zip
2009-02-15 18:18 --------- d-----w c:\documents and settings\fk\Application Data\360desktop
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-25 12:32 --------- d-----w c:\program files\GIMP-2.0
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:29 22,328 ----a-w c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-09 2233856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\uživatelia\\Matej\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-09 142592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-03-18 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:02:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-03-18 21:03:09
ComboFix-quarantined-files.txt 2009-03-18 20:03:08
ComboFix2.txt 2009-03-18 16:13:59
Pre-Run: 31 035 846 656 bytes free
Post-Run: 13 adresárov, 31,024,447,488 voľných bajtov
208 --- E O F --- 2008-04-10 11:34:20
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.618 [GMT 1:00]
Running from: c:\documents and settings\fk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\fk\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
c:\windows\ativpsrm.bin
c:\windows\Tasks\rpc.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\ativpsrm.bin
c:\windows\Tasks\rpc.job
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.
2009-03-18 15:26 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-18 15:25 . 2009-03-18 15:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:25 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-17 17:55 . 2009-03-17 17:55 <DIR> d-------- c:\program files\CCleaner
2009-03-15 15:13 . 2009-03-15 15:16 <DIR> d-------- c:\program files\ICQ6.5
2009-03-09 19:35 . 2009-03-18 15:26 235 --a------ c:\windows\system32\BIN_STRSBW.SPT
2009-03-09 14:31 . 2009-03-16 18:20 <DIR> d-------- c:\program files\WinClamAVShield
2009-03-09 13:49 . 2009-03-17 17:57 <DIR> d-------- c:\program files\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 <DIR> d-------- c:\program files\Crawler
2009-03-09 13:49 . 2009-03-18 21:00 <DIR> d-------- c:\documents and settings\fk\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-17 22:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-03-09 13:49 . 2009-03-09 13:49 142,592 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-25 10:56 . 2009-02-25 10:56 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-23 20:47 . 2009-02-23 20:47 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-23 20:41 . 2009-02-23 20:47 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\fk\Application Data\Malwarebytes
2009-02-23 11:45 . 2009-02-23 11:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-22 12:20 . 2009-02-22 12:20 45 --a------ c:\windows\system32\initdebug.nfo
2009-02-22 11:12 . 2009-02-22 11:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 19:52 --------- d-----w c:\documents and settings\fk\Application Data\gtk-2.0
2009-03-17 13:39 --------- d-----w c:\documents and settings\fk\Application Data\Skype
2009-03-17 08:34 --------- d-----w c:\documents and settings\fk\Application Data\skypePM
2009-03-09 18:52 --------- d-----w c:\program files\ICQ6
2009-03-09 13:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-09 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-25 15:52 --------- d--h--w c:\program files\Miranda IM
2009-02-24 10:52 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 19:47 --------- d-----w c:\program files\Java
2009-02-22 10:09 --------- d-----w c:\program files\ATI Technologies
2009-02-16 05:18 --------- d-----w c:\program files\Google
2009-02-15 18:27 --------- d-----w c:\program files\UberIcon
2009-02-15 18:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-15 18:23 --------- d-----w c:\program files\7-Zip
2009-02-15 18:18 --------- d-----w c:\documents and settings\fk\Application Data\360desktop
2009-02-14 16:09 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 07:27 3,488,768 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-02-01 19:35 --------- d-----w c:\documents and settings\fk\Application Data\Hamachi
2009-01-25 12:32 --------- d-----w c:\program files\GIMP-2.0
2009-01-24 20:14 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-23 14:38 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-01-23 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-23 14:29 22,328 ----a-w c:\documents and settings\fk\Application Data\PnkBstrK.sys
2009-01-20 12:44 --------- d-----w c:\program files\FOXCONN
2009-01-19 15:26 --------- d-----w c:\program files\Conduit
2009-01-18 11:01 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-18 11:01 --------- d-----w c:\program files\Hamachi
2008-03-02 17:11 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-03 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-23 148888]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-09 2233856]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^T-Com Softphone Slovak.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\T-Com Softphone Slovak.lnk
backup=c:\windows\pss\T-Com Softphone Slovak.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Rychlé hledání Microsoft.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Rychlé hledání Microsoft.lnk
backup=c:\windows\pss\Rychlé hledání Microsoft.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^fk^Start Menu^Programs^Startup^Spuštění Office.lnk]
path=c:\documents and settings\fk\Start Menu\Programs\Startup\Spuštění Office.lnk
backup=c:\windows\pss\Spuštění Office.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2007-12-31 15:29 962560 c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\games\\FIFA 2008\\FIFA08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\COD\\iw3mp.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"d:\\uživatelia\\Matej\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-09 142592]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-08-03 69120]
S2 gupdate1c98fa4c6fabf20;Google Update Service (gupdate1c98fa4c6fabf20);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
S3 FXDrv32;FXDrv32;\??\w:\fxdrv32.sys --> w:\FXDrv32.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7981bac-ec2c-11dc-925f-001c250dcc60}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 20:36]
2009-03-18 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\fk\Application Data\Mozilla\Firefox\Profiles\xbokys09.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 21:02:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1993962763-583907252-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B7159C5B-B59F-BE8D-564F-510D95E23D1C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hacpmakmnbhehgcn"=hex:61,61,00,7e
"hacpmakmicomcbja"=hex:61,61,00,7e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-03-18 21:03:09
ComboFix-quarantined-files.txt 2009-03-18 20:03:08
ComboFix2.txt 2009-03-18 16:13:59
Pre-Run: 31 035 846 656 bytes free
Post-Run: 13 adresárov, 31,024,447,488 voľných bajtov
208 --- E O F --- 2008-04-10 11:34:20
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 81 hostů