Kontrola logu - vypínání části security balíku +

[onewinger]

Zdravím,
prosil bych kontrolu logu skrz vypínání části security balíku McAfee.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:21, on 30.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8122 bytes

[Reklama]

[memphisto]

v logu nevidím nic špatného. U McAfee ti chybí několik služeb, takže to zkus přeinstalovat a třeba se tím problém vyřeší. Pro jistotu:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[onewinger]

McAfee umožňuje jen odinstalování nikoliv přeinstalování a já mám strach abych nepřišel o tu poslední licenci, kterou mám v plánu dát na další NTB


EDIT: tady to máš



Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 3

30.7.2009 20:44:21
mbam-log-2009-07-30 (20-44-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 95253
Uplynulý cas: 9 minute(s), 56 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[memphisto]

pravděpodobně se přeinstalaci nevyhneš, protože ti tam chybí některé služby ( a celkem důležité jako třeba Updater)

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[onewinger]

Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 5.1.2600 Service Pack 3

30.7.2009 22:51:25
mbam-log-2009-07-30 (22-51-25).txt

Typ skenu: Rychlý sken
Objektu skenováno: 95126
Uplynulý cas: 9 minute(s), 40 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

[onewinger]

ComboFix 09-07-29.04 - Petr 30.07.2009 23:37.5.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.246 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\808c6.msi

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-28 do 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-30 18:31 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 18:31 . 2009-07-30 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 18:31 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 16:49 . 2009-07-30 16:49 -------- d-----w- c:\program files\FLVPlayer
2009-07-25 19:17 . 2009-07-25 19:17 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-18 16:23 . 2009-07-18 16:23 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-18 16:23 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-18 16:17 . 2009-07-18 16:48 -------- d-----w- c:\program files\Image-Line
2009-07-17 22:39 . 2009-07-17 22:58 -------- d-----w- c:\program files\BitLord
2009-07-14 17:47 . 2009-07-14 17:47 -------- d-----w- c:\program files\Qip music
2009-07-13 18:02 . 2009-07-13 18:02 -------- d-----w- c:\program files\Ventrilo
2009-07-13 07:48 . 2009-07-13 07:48 -------- d-----w- c:\program files\Lavalys
2009-07-13 07:15 . 2004-08-22 00:52 81920 ----a-w- c:\windows\system32\lladrv.dll
2009-07-13 07:15 . 2004-08-22 00:21 73728 ----a-w- c:\windows\system32\lladrv.exe
2009-07-13 07:15 . 2004-08-22 00:16 32544 ----a-w- c:\windows\system32\drivers\lladrv.sys
2009-07-13 06:18 . 2007-01-15 15:37 4308 ----a-w- c:\windows\NT4_98.reg
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\MeXP.reg
2009-07-13 06:18 . 2009-07-13 06:18 -------- d-----w- c:\program files\KYE
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\Other.reg
2009-07-13 06:18 . 2007-01-15 15:37 4306 ----a-w- c:\windows\2K.reg
2009-07-13 06:18 . 2005-02-25 14:54 233472 ----a-w- c:\windows\InstIt.exe
2009-07-13 06:18 . 2006-12-08 15:01 547840 ----a-w- c:\windows\mHotkey.exe
2009-07-13 06:18 . 2005-02-25 14:54 24576 ----a-w- c:\windows\HKNTDLL.dll
2009-07-13 06:18 . 2003-07-03 12:21 294912 ----a-w- c:\windows\PIC.dll
2009-07-11 17:16 . 2009-07-11 17:16 -------- d-----w- c:\program files\QIP
2009-07-07 10:41 . 2009-07-17 10:36 -------- d-----w- c:\program files\AMD
2009-07-05 20:16 . 2009-07-05 20:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-05 20:16 . 2009-07-05 20:17 -------- d-----w- c:\program files\Hamachi
2009-07-05 10:29 . 2009-07-05 10:30 -------- d-----w- c:\program files\Nvu
2009-07-04 15:40 . 2009-07-17 10:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-03 21:45 . 2009-07-03 21:45 -------- d-----w- c:\program files\QIP Infium
2009-07-03 21:38 . 2009-07-03 21:38 -------- d-----w- c:\program files\Miranda IM
2009-07-03 21:29 . 2009-07-03 21:35 -------- d-----w- c:\program files\Miranda
2009-07-03 20:39 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-01 16:21 . 2009-07-01 16:21 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-01 15:11 . 2009-07-01 15:11 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:04 . 2009-05-21 17:10 -------- d-----w- c:\program files\McAfee
2009-07-24 18:50 . 2009-05-27 17:37 -------- d-----w- c:\program files\Steam
2009-07-18 16:48 . 2009-06-02 18:22 -------- d-----w- c:\program files\VSTplugins
2009-07-18 16:15 . 2009-06-03 17:08 -------- d-----w- c:\program files\Cakewalk
2009-07-13 06:18 . 2003-08-14 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 22:13 . 2009-03-25 16:13 -------- d-----w- c:\program files\TotalCMD
2009-07-03 20:56 . 2003-08-14 14:35 -------- d-----w- c:\program files\CCleaner
2009-06-21 12:25 . 2009-06-21 11:11 -------- d-----w- c:\program files\Game_Maker7
2009-06-21 11:10 . 2009-06-21 10:49 -------- d-----w- c:\program files\Game_Maker6
2009-06-12 18:42 . 2001-10-25 12:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2009-06-12 18:42 . 2001-10-25 12:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2009-06-12 18:41 . 2009-03-18 16:43 -------- d-----w- c:\program files\MSBuild
2009-06-12 18:33 . 2009-06-12 18:33 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 17:59 . 2009-06-12 17:59 -------- d-----w- c:\program files\Sony Setup
2009-06-11 17:15 . 2009-06-11 17:15 -------- d-----w- c:\program files\Paragon Software
2009-06-05 13:20 . 2009-04-25 12:22 8 ----a-w- c:\windows\system32\nvModes.dat
2009-06-03 17:50 . 2009-06-03 17:50 -------- d-----w- c:\program files\Common Files\Steinberg
2009-06-02 18:45 . 2009-06-02 18:24 -------- d-----w- c:\program files\Native Instruments
2009-06-02 18:38 . 2009-06-02 18:38 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-06-01 15:27 . 2009-06-01 14:54 -------- d-----w- c:\program files\Akram Audio Editor
2009-06-01 14:54 . 2009-06-01 14:54 450560 ----a-w- c:\windows\system32\maai.dll
2009-06-01 14:54 . 2009-06-01 14:54 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-01 14:54 . 2009-06-01 14:54 1040384 ----a-w- c:\windows\system32\maah.dll
2009-06-01 14:54 . 2009-06-01 14:54 311296 ----a-w- c:\windows\system32\maaf.dll
2009-06-01 14:54 . 2009-06-01 14:54 835584 ----a-w- c:\windows\system32\maae.dll
2009-06-01 14:54 . 2009-06-01 14:54 729088 ----a-w- c:\windows\system32\maad.dll
2009-06-01 14:54 . 2009-06-01 14:54 335872 ----a-w- c:\windows\system32\maac.dll
2009-06-01 14:54 . 2009-06-01 14:54 315392 ----a-w- c:\windows\system32\maab.dll
2009-06-01 14:54 . 2009-06-01 14:54 1843200 ----a-w- c:\windows\system32\maaa.dll
2009-06-01 14:54 . 2009-06-01 14:54 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-05-09 20:54 . 2009-05-09 21:11 10288 ----a-w- c:\windows\Fonts\font2.ttf
2009-05-02 17:17 . 2009-05-02 17:18 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 21:09 . 2003-08-14 14:32 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 lladrv;LLAdrv;c:\windows\system32\drivers\lladrv.sys [13.7.2009 9:15 32544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21.5.2009 19:17 206112]
S3 cpuz128;cpuz128;\??\c:\docume~1\Petr\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Petr\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 HwIOctl;HwIOctl;\??\c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys --> c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-05-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]

2009-05-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\dzrfm8ma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 23:45
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-07-30 23:49
ComboFix-quarantined-files.txt 2009-07-30 21:49

Před spuštěním: Volných bajtů: 15 460 171 776
Po spuštění: Volných bajtů: 15 427 825 664

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
218

[onewinger]

Memphisto odjíždím na víkend na chalupu kde nemám možnost připojení k internetu, tak prosím počkej s řešením logu až do pondělí.

Díky

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\nvModes.dat

Driver::
cpuz128

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Toto otestuj na Virustotal
c:\windows\NT4_98.reg
c:\windows\MeXP.reg
c:\windows\Other.reg
c:\windows\2K.reg
c:\windows\PIC.dll
Vlož sem pak odkazy výsledků.

[onewinger]

ComboFix 09-08-02.03 - Petr 03.08.2009 11:52.6.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.205 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý


FILE ::
"c:\windows\system32\nvModes.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\nvModes.dat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ128
-------\Service_cpuz128


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-03 do 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-07-30 18:31 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 18:31 . 2009-07-30 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 18:31 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 16:49 . 2009-07-30 16:49 -------- d-----w- c:\program files\FLVPlayer
2009-07-25 19:17 . 2009-07-25 19:17 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-18 16:23 . 2009-07-18 16:23 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-18 16:23 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-18 16:17 . 2009-07-18 16:48 -------- d-----w- c:\program files\Image-Line
2009-07-17 22:39 . 2009-07-17 22:58 -------- d-----w- c:\program files\BitLord
2009-07-14 17:47 . 2009-07-14 17:47 -------- d-----w- c:\program files\Qip music
2009-07-13 18:02 . 2009-07-13 18:02 -------- d-----w- c:\program files\Ventrilo
2009-07-13 07:48 . 2009-07-13 07:48 -------- d-----w- c:\program files\Lavalys
2009-07-13 07:15 . 2004-08-22 00:52 81920 ----a-w- c:\windows\system32\lladrv.dll
2009-07-13 07:15 . 2004-08-22 00:21 73728 ----a-w- c:\windows\system32\lladrv.exe
2009-07-13 07:15 . 2004-08-22 00:16 32544 ----a-w- c:\windows\system32\drivers\lladrv.sys
2009-07-13 06:18 . 2007-01-15 15:37 4308 ----a-w- c:\windows\NT4_98.reg
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\MeXP.reg
2009-07-13 06:18 . 2009-07-13 06:18 -------- d-----w- c:\program files\KYE
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\Other.reg
2009-07-13 06:18 . 2007-01-15 15:37 4306 ----a-w- c:\windows\2K.reg
2009-07-13 06:18 . 2005-02-25 14:54 233472 ----a-w- c:\windows\InstIt.exe
2009-07-13 06:18 . 2006-12-08 15:01 547840 ----a-w- c:\windows\mHotkey.exe
2009-07-13 06:18 . 2005-02-25 14:54 24576 ----a-w- c:\windows\HKNTDLL.dll
2009-07-13 06:18 . 2003-07-03 12:21 294912 ----a-w- c:\windows\PIC.dll
2009-07-11 17:16 . 2009-07-11 17:16 -------- d-----w- c:\program files\QIP
2009-07-07 10:41 . 2009-07-17 10:36 -------- d-----w- c:\program files\AMD
2009-07-05 20:16 . 2009-07-05 20:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-05 20:16 . 2009-07-05 20:17 -------- d-----w- c:\program files\Hamachi
2009-07-05 10:29 . 2009-07-05 10:30 -------- d-----w- c:\program files\Nvu
2009-07-04 15:40 . 2009-07-17 10:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:04 . 2009-05-21 17:10 -------- d-----w- c:\program files\McAfee
2009-07-24 18:50 . 2009-05-27 17:37 -------- d-----w- c:\program files\Steam
2009-07-18 16:48 . 2009-06-02 18:22 -------- d-----w- c:\program files\VSTplugins
2009-07-18 16:15 . 2009-06-03 17:08 -------- d-----w- c:\program files\Cakewalk
2009-07-13 06:18 . 2003-08-14 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 22:13 . 2009-03-25 16:13 -------- d-----w- c:\program files\TotalCMD
2009-07-03 21:45 . 2009-07-03 21:45 -------- d-----w- c:\program files\QIP Infium
2009-07-03 21:38 . 2009-07-03 21:38 -------- d-----w- c:\program files\Miranda IM
2009-07-03 21:35 . 2009-07-03 21:29 -------- d-----w- c:\program files\Miranda
2009-07-03 20:56 . 2003-08-14 14:35 -------- d-----w- c:\program files\CCleaner
2009-07-01 16:21 . 2009-07-01 16:21 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-01 15:11 . 2009-07-01 15:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-21 12:25 . 2009-06-21 11:11 -------- d-----w- c:\program files\Game_Maker7
2009-06-21 11:10 . 2009-06-21 10:49 -------- d-----w- c:\program files\Game_Maker6
2009-06-12 18:42 . 2001-10-25 12:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2009-06-12 18:42 . 2001-10-25 12:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2009-06-12 18:41 . 2009-03-18 16:43 -------- d-----w- c:\program files\MSBuild
2009-06-12 18:33 . 2009-06-12 18:33 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 17:59 . 2009-06-12 17:59 -------- d-----w- c:\program files\Sony Setup
2009-06-11 17:15 . 2009-06-11 17:15 -------- d-----w- c:\program files\Paragon Software
2009-06-02 18:38 . 2009-06-02 18:38 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-06-01 14:54 . 2009-06-01 14:54 450560 ----a-w- c:\windows\system32\maai.dll
2009-06-01 14:54 . 2009-06-01 14:54 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-01 14:54 . 2009-06-01 14:54 1040384 ----a-w- c:\windows\system32\maah.dll
2009-06-01 14:54 . 2009-06-01 14:54 311296 ----a-w- c:\windows\system32\maaf.dll
2009-06-01 14:54 . 2009-06-01 14:54 835584 ----a-w- c:\windows\system32\maae.dll
2009-06-01 14:54 . 2009-06-01 14:54 729088 ----a-w- c:\windows\system32\maad.dll
2009-06-01 14:54 . 2009-06-01 14:54 335872 ----a-w- c:\windows\system32\maac.dll
2009-06-01 14:54 . 2009-06-01 14:54 315392 ----a-w- c:\windows\system32\maab.dll
2009-06-01 14:54 . 2009-06-01 14:54 1843200 ----a-w- c:\windows\system32\maaa.dll
2009-06-01 14:54 . 2009-06-01 14:54 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-05-09 20:54 . 2009-05-09 21:11 10288 ----a-w- c:\windows\Fonts\font2.ttf
2009-07-17 21:09 . 2003-08-14 14:32 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_21.45.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-03 10:07 . 2009-08-03 10:07 16384 c:\windows\temp\Perflib_Perfdata_6f8.dat
+ 2009-03-18 15:52 . 2009-08-03 08:24 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-18 15:52 . 2009-08-03 08:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-18 15:52 . 2009-08-03 08:24 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-02 18:40 . 2009-08-02 18:40 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2009-07-29 17:43 . 2009-07-29 17:43 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 lladrv;LLAdrv;c:\windows\system32\drivers\lladrv.sys [13.7.2009 9:15 32544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21.5.2009 19:17 206112]
S3 HwIOctl;HwIOctl;\??\c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys --> c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-05-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]

2009-05-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\dzrfm8ma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 12:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3296)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee.com\Agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\system32\rundll32.exe
c:\program files\QIP\qip.exe
c:\program files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
.
**************************************************************************
.
Celkový čas: 2009-08-03 12:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-03 10:18
ComboFix2.txt 2009-07-30 21:50

Před spuštěním: Volných bajtů: 15 337 021 440
Po spuštění: Volných bajtů: 15 252 373 504

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
244

[onewinger]

Výsledky z VirusTotal

http://www.virustotal.com/cs/analisis/4 ... 1249295721

http://www.virustotal.com/cs/analisis/f ... 1249295863

http://www.virustotal.com/cs/analisis/f ... 1249296012

http://www.virustotal.com/cs/analisis/b ... 1249296252

http://www.virustotal.com/cs/analisis/6 ... 1249296330

[jaro3]

S tím VirusTotal děláš něco špatně, musíš počkat až provedou sken všechny antiviry a objeví se červeně třeba 0/40.
Pak zkopíruj adresu .Zkus to znovu.

ještě script v CF:

Kód: Vybrat vše

KillAll::
File::
c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys

Driver::
HwIOctl
HwIOctl;HwIOctl

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


Pak znovu log z CF+HJT.

[onewinger]

ComboFix 09-08-02.04 - Petr 03.08.2009 18:30.7.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.511.213 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Petr\Plocha\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Petr\LOCALS~1\Temp\Rar$EX01.116\HwIOctl.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HWIOCTL
-------\Service_HwIOctl


((((((((((((((((((((((((( Soubory vytvořené od 2009-07-03 do 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-07-30 18:31 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 18:31 . 2009-07-30 18:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-30 18:31 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-30 16:49 . 2009-07-30 16:49 -------- d-----w- c:\program files\FLVPlayer
2009-07-25 19:17 . 2009-07-25 19:17 -------- d-----w- c:\program files\Common Files\DirectX
2009-07-18 16:23 . 2009-07-18 16:23 -------- d-----w- c:\program files\ASIO4ALL v2
2009-07-18 16:23 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2009-07-18 16:17 . 2009-07-18 16:48 -------- d-----w- c:\program files\Image-Line
2009-07-17 22:39 . 2009-07-17 22:58 -------- d-----w- c:\program files\BitLord
2009-07-14 17:47 . 2009-07-14 17:47 -------- d-----w- c:\program files\Qip music
2009-07-13 18:02 . 2009-07-13 18:02 -------- d-----w- c:\program files\Ventrilo
2009-07-13 07:48 . 2009-07-13 07:48 -------- d-----w- c:\program files\Lavalys
2009-07-13 07:15 . 2004-08-22 00:52 81920 ----a-w- c:\windows\system32\lladrv.dll
2009-07-13 07:15 . 2004-08-22 00:21 73728 ----a-w- c:\windows\system32\lladrv.exe
2009-07-13 07:15 . 2004-08-22 00:16 32544 ----a-w- c:\windows\system32\drivers\lladrv.sys
2009-07-13 06:18 . 2007-01-15 15:37 4308 ----a-w- c:\windows\NT4_98.reg
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\MeXP.reg
2009-07-13 06:18 . 2009-07-13 06:18 -------- d-----w- c:\program files\KYE
2009-07-13 06:18 . 2007-01-15 15:37 4290 ----a-w- c:\windows\Other.reg
2009-07-13 06:18 . 2007-01-15 15:37 4306 ----a-w- c:\windows\2K.reg
2009-07-13 06:18 . 2005-02-25 14:54 233472 ----a-w- c:\windows\InstIt.exe
2009-07-13 06:18 . 2006-12-08 15:01 547840 ----a-w- c:\windows\mHotkey.exe
2009-07-13 06:18 . 2005-02-25 14:54 24576 ----a-w- c:\windows\HKNTDLL.dll
2009-07-13 06:18 . 2003-07-03 12:21 294912 ----a-w- c:\windows\PIC.dll
2009-07-11 17:16 . 2009-07-11 17:16 -------- d-----w- c:\program files\QIP
2009-07-07 10:41 . 2009-07-17 10:36 -------- d-----w- c:\program files\AMD
2009-07-05 20:16 . 2009-07-05 20:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-05 20:16 . 2009-07-05 20:17 -------- d-----w- c:\program files\Hamachi
2009-07-05 10:29 . 2009-07-05 10:30 -------- d-----w- c:\program files\Nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 21:04 . 2009-05-21 17:10 -------- d-----w- c:\program files\McAfee
2009-07-24 18:50 . 2009-05-27 17:37 -------- d-----w- c:\program files\Steam
2009-07-18 16:48 . 2009-06-02 18:22 -------- d-----w- c:\program files\VSTplugins
2009-07-18 16:15 . 2009-06-03 17:08 -------- d-----w- c:\program files\Cakewalk
2009-07-17 10:38 . 2009-07-04 15:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-13 06:18 . 2003-08-14 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 22:13 . 2009-03-25 16:13 -------- d-----w- c:\program files\TotalCMD
2009-07-03 21:45 . 2009-07-03 21:45 -------- d-----w- c:\program files\QIP Infium
2009-07-03 21:38 . 2009-07-03 21:38 -------- d-----w- c:\program files\Miranda IM
2009-07-03 21:35 . 2009-07-03 21:29 -------- d-----w- c:\program files\Miranda
2009-07-03 20:56 . 2003-08-14 14:35 -------- d-----w- c:\program files\CCleaner
2009-07-01 16:21 . 2009-07-01 16:21 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-01 15:11 . 2009-07-01 15:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-21 12:25 . 2009-06-21 11:11 -------- d-----w- c:\program files\Game_Maker7
2009-06-21 11:10 . 2009-06-21 10:49 -------- d-----w- c:\program files\Game_Maker6
2009-06-12 18:42 . 2001-10-25 12:00 77706 ----a-w- c:\windows\system32\perfc005.dat
2009-06-12 18:42 . 2001-10-25 12:00 427336 ----a-w- c:\windows\system32\perfh005.dat
2009-06-12 18:41 . 2009-03-18 16:43 -------- d-----w- c:\program files\MSBuild
2009-06-12 18:33 . 2009-06-12 18:33 -------- d-----w- c:\program files\Reference Assemblies
2009-06-12 17:59 . 2009-06-12 17:59 -------- d-----w- c:\program files\Sony Setup
2009-06-11 17:15 . 2009-06-11 17:15 -------- d-----w- c:\program files\Paragon Software
2009-06-02 18:38 . 2009-06-02 18:38 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-06-01 14:54 . 2009-06-01 14:54 450560 ----a-w- c:\windows\system32\maai.dll
2009-06-01 14:54 . 2009-06-01 14:54 196608 ----a-w- c:\windows\system32\maag.dll
2009-06-01 14:54 . 2009-06-01 14:54 1040384 ----a-w- c:\windows\system32\maah.dll
2009-06-01 14:54 . 2009-06-01 14:54 311296 ----a-w- c:\windows\system32\maaf.dll
2009-06-01 14:54 . 2009-06-01 14:54 835584 ----a-w- c:\windows\system32\maae.dll
2009-06-01 14:54 . 2009-06-01 14:54 729088 ----a-w- c:\windows\system32\maad.dll
2009-06-01 14:54 . 2009-06-01 14:54 335872 ----a-w- c:\windows\system32\maac.dll
2009-06-01 14:54 . 2009-06-01 14:54 315392 ----a-w- c:\windows\system32\maab.dll
2009-06-01 14:54 . 2009-06-01 14:54 1843200 ----a-w- c:\windows\system32\maaa.dll
2009-06-01 14:54 . 2009-06-01 14:54 237568 ----a-w- c:\windows\system32\lame_enc.dll
2009-05-09 20:54 . 2009-05-09 21:11 10288 ----a-w- c:\windows\Fonts\font2.ttf
2009-07-17 21:09 . 2003-08-14 14:32 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-30_21.45.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-18 15:52 . 2009-08-03 16:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-18 15:52 . 2009-08-03 16:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-18 15:52 . 2009-08-03 16:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-18 15:52 . 2009-07-30 19:30 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-08-02 18:40 . 2009-08-02 18:40 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2009-07-29 17:43 . 2009-07-29 17:43 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QIP2005"="c:\program files\QIP\qip.exe" [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 lladrv;LLAdrv;c:\windows\system32\drivers\lladrv.sys [13.7.2009 9:15 32544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [21.5.2009 19:17 206112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-05-21 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]

2009-05-21 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-21 08:53]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\dzrfm8ma.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 18:47
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2988)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Trust\Trust R-series Mouse And Keyboard\MouseDrv.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Celkový čas: 2009-08-03 18:57 - počítač byl restartován
ComboFix-quarantined-files.txt 2009-08-03 16:57
ComboFix2.txt 2009-08-03 10:18
ComboFix3.txt 2009-07-30 21:50

Před spuštěním: Volných bajtů: 15 282 274 304
Po spuštění: Volných bajtů: 15 237 873 664

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
248