Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47:02, on 30. 5. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Softonic English Toolbar - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Program Files\Softonic_English\tbSoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 7569 bytes
preventivna kontrola logu HJT
Re: preventivna kontrola logu HJT
pozrie sa na to niekto, kto tomu rozumie? dakujem
-
Damned
- Tvůrce článků
-
Master Level 9
- Příspěvky: 8353
- Registrován: prosinec 06
- Bydliště: Rokycany
- Pohlaví:
- Stav:
Offline
- Kontakt:
Re: preventivna kontrola logu HJT
Posílám pozdravy na Divoký východ 
Spusť si HJT a fixni:
R3 - URLSearchHook: (no name) - - (no file)
S tebou už to fredík řešil, nebo ne?
Spusť si HJT a fixni:
R3 - URLSearchHook: (no name) - - (no file)
S tebou už to fredík řešil, nebo ne?
Nic není nemožné, proto tam, kde jsme s rozumem v koncích, neváháme použít kladivo.
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
Chceš-li vědět, co je nového, podívej se do starých knih.
Damnedovy češtiny - překlady programů pro údržbu PC
HiJackThis 2+návod FCleaner+čeština Wise Registry Cleaner
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: preventivna kontrola logu HJT
To je jiný PC s vistou , že?
Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Vypni rez. ochranu u NOD32.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: preventivna kontrola logu HJT
dakujem za pozdravy :)
jj fredik so mnou riesil moj komp a uspesne
...tento HJT log je z ineho kompu
ked na nom budem fixnem to zatial vdaka chlapi
jj fredik so mnou riesil moj komp a uspesne
...tento HJT log je z ineho kompu
ked na nom budem fixnem to zatial vdaka chlapi
Re: preventivna kontrola logu HJT
az teraz som sa dostal k tomu pc...
ComboFix 09-06-01.03 - Maros . 06. 2009 12:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.2023 [GMT 2:00]
Running from: c:\users\Maros\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\1043_ASUSTEK_F6A_F6V_V10_VISTA.MRK
c:\windows\system32\drivers\1043_ASUSTeK_F6V.alu
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-06-03 10:21 . 2009-06-03 10:21 -------- d-----w- c:\users\Maros\AppData\Local\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 21:59 . 2008-09-20 18:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-17 20:48 . 2009-04-08 20:05 -------- d-----w- c:\users\Maros\AppData\Roaming\uTorrent
2009-05-14 09:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-26 18:53 . 2009-04-26 18:48 -------- d-----w- c:\users\Maros\AppData\Roaming\dvdcss
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\users\Maros\AppData\Roaming\vlc
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\program files\Conduit
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\program files\Softonic_English
2009-04-26 18:47 . 2009-04-26 18:47 -------- d-----w- c:\program files\VideoLAN
2009-04-26 18:23 . 2009-04-26 18:23 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-04-26 18:22 . 2009-04-26 18:23 737280 ----a-w- c:\windows\iun6002.exe
2009-04-26 18:19 . 2009-04-26 18:19 -------- d-----w- c:\program files\Webteh
2009-04-17 20:59 . 2009-02-09 13:15 -------- d-----w- c:\program files\ICQ6.5
2009-04-17 20:00 . 2009-04-17 20:00 -------- d-----w- c:\programdata\LightScribe
2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w- c:\program files\uTorrent
2009-03-25 09:52 . 2009-04-26 18:48 51200 ----a-w- c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
2009-03-25 09:52 . 2009-04-26 18:48 114688 ----a-w- c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\npmozax.dll
2009-03-17 03:38 . 2009-04-16 18:00 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:00 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\Softonic_English\tbSoft.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-09-20 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-20 47672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FBE6DC10-72B6-4ED2-8D1D-CBFBF8F3C527}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{78A77CCA-166A-4A9B-AEE2-16E3C158C6B6}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{149E36BA-3B64-4E03-A39C-CE28C9B0CAD1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F9148F7D-A2B0-4CF1-9F0F-7E08927C5005}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 15:23 106208]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21. 1. 2008 4:23 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21. 1. 2008 4:23 21504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 15:23 727720]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [6. 2. 2009 15:24 38240]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9. 2. 2009 15:16 222456]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [20. 9. 2008 21:38 29736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT11423 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 12:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
Completion time: 2009-06-03 12:22
ComboFix-quarantined-files.txt 2009-06-03 10:22
Pre-Run: 113 682 444 288 bytes free
Post-Run: 113 904 836 608 bytes free
141 --- E O F --- 2009-06-01 16:58
ComboFix 09-06-01.03 - Maros . 06. 2009 12:19.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.421.1051.18.3070.2023 [GMT 2:00]
Running from: c:\users\Maros\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\drivers\1043_ASUSTEK_F6A_F6V_V10_VISTA.MRK
c:\windows\system32\drivers\1043_ASUSTeK_F6V.alu
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-06-03 10:21 . 2009-06-03 10:21 -------- d-----w- c:\users\Maros\AppData\Local\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 21:59 . 2008-09-20 18:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-05-17 20:48 . 2009-04-08 20:05 -------- d-----w- c:\users\Maros\AppData\Roaming\uTorrent
2009-05-14 09:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-26 18:53 . 2009-04-26 18:48 -------- d-----w- c:\users\Maros\AppData\Roaming\dvdcss
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\users\Maros\AppData\Roaming\vlc
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\program files\Conduit
2009-04-26 18:48 . 2009-04-26 18:48 -------- d-----w- c:\program files\Softonic_English
2009-04-26 18:47 . 2009-04-26 18:47 -------- d-----w- c:\program files\VideoLAN
2009-04-26 18:23 . 2009-04-26 18:23 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-04-26 18:22 . 2009-04-26 18:23 737280 ----a-w- c:\windows\iun6002.exe
2009-04-26 18:19 . 2009-04-26 18:19 -------- d-----w- c:\program files\Webteh
2009-04-17 20:59 . 2009-02-09 13:15 -------- d-----w- c:\program files\ICQ6.5
2009-04-17 20:00 . 2009-04-17 20:00 -------- d-----w- c:\programdata\LightScribe
2009-04-08 20:06 . 2009-04-08 20:06 -------- d-----w- c:\program files\uTorrent
2009-03-25 09:52 . 2009-04-26 18:48 51200 ----a-w- c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
2009-03-25 09:52 . 2009-04-26 18:48 114688 ----a-w- c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\npmozax.dll
2009-03-17 03:38 . 2009-04-16 18:00 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 18:00 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-03-10 09:47 2079256 ----a-w- c:\program files\Softonic_English\tbSoft.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2008-09-20 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-09-20 47672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{FBE6DC10-72B6-4ED2-8D1D-CBFBF8F3C527}c:\\program files\\icq6.5\\icq.exe"= UDP:c:\program files\icq6.5\icq.exe:ICQ Library
"UDP Query User{78A77CCA-166A-4A9B-AEE2-16E3C158C6B6}c:\\program files\\icq6.5\\icq.exe"= TCP:c:\program files\icq6.5\icq.exe:ICQ Library
"{149E36BA-3B64-4E03-A39C-CE28C9B0CAD1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{F9148F7D-A2B0-4CF1-9F0F-7E08927C5005}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 15:23 106208]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [21. 1. 2008 4:23 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [21. 1. 2008 4:23 21504]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 15:23 727720]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [6. 2. 2009 15:24 38240]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [9. 2. 2009 15:16 222456]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [20. 9. 2008 21:38 29736]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.sk/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic_English Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT11423 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - component: c:\users\Maros\AppData\Roaming\Mozilla\Firefox\Profiles\p7kzbvjg.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 12:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\APSHook.dll
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll
.
Completion time: 2009-06-03 12:22
ComboFix-quarantined-files.txt 2009-06-03 10:22
Pre-Run: 113 682 444 288 bytes free
Post-Run: 113 904 836 608 bytes free
141 --- E O F --- 2009-06-01 16:58
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: preventivna kontrola logu HJT
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\bthservsdp.dat
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 81 hostů