please check my log (Solved)

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

makojed

please check my log

Post by makojed » 13 Feb 2010 23:21

Hi, today I think I downloaded some trojan, at least that's what NOD claims. It says it either deleted everything or put it into quarantine, but after a restart it's there again. The PC is totally slow, CPU load constantly around 100%, web pages pop up on me, my home page keeps changing, so please check the log and help if you can.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:45, on 13.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\ccdrive32.exe
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\java\jre6\bin\jusched .exe
c:\program files\ati technologies\ati control panel\atiptaxx .exe
C:\Documents and Settings\user\reader_s.exe
c:\program files\creative\creative zen\zen media explorer\ctcheck .exe
c:\program files\eset\eset smart security\egui .exe
c:\program files\microsoft office\office12\groovemonitor .exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\user\LOCALS~1\Temp\setupv.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: gwprimawega - {60eec1a7-6082-83f1-a2f7-212c726b25e1} - C:\WINDOWS\system32\CR_nJ4-f.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: updater.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98882f7af9498) (gupdate1c98882f7af9498) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 10091 bytes

jaro3
Security team member

Re: please check my log

Post by jaro3 » 14 Feb 2010 08:00

First of all, uninstall the cracked ESET Smart Security and get a free antivirus: Avira, Avast, AVG.

Next, uninstall the Symantec leftovers with this:
ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

Close the other applications and browsers, disconnect from the net and fix these in HJT:
Guide

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: gwprimawega - {60eec1a7-6082-83f1-a2f7-212c726b25e1} - C:\WINDOWS\system32\CR_nJ4-f.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - Startup: updater.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes a message will appear; click OK and then the Show Results button
- then choose the Save log option and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
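As an added example (not code from the thread, and not HijackThis or Malwarebytes code), the following Python script applies the checks behind jaro3's fix list to a few lines of the posted log: a hijacked start page (R0), a program chained into Userinit (F2), autoruns from unusual locations or registered twice under one name (O4), a policy lockout (O7) and AppInit_DLLs injection (O20). The known-good host set and the location heuristics are my assumptions, not rules from the forum, and they deliberately cover only what can be checked mechanically.

```python
"""Triage HijackThis log lines with a few defender heuristics.

Added example: the heuristics cover the entry types the reply above told
the poster to fix. They are deliberately narrow and surface entries for
review; a human still decides what is actually malicious.
"""
import re
from collections import defaultdict
from typing import List, Optional, Tuple

# Constructed sample: a subset of the HijackThis log posted in the thread,
# with one benign ATI autorun kept in for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www3.iamwired.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\ccdrive32.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
"""

# Assumption: only the Microsoft "fwlink" default counts as a known-good
# start/search page; anything else is surfaced for review, not declared bad.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com"}

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>[^:]*Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def exe_path(cmd: str) -> str:
    """Best-effort extraction of the program path from an O4 command."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd.strip())  # drop HJT's user note
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r" [/-]", cmd, maxsplit=1)[0]          # cut at first switch


def suspicious_location(path: str) -> Optional[str]:
    """Why an autorun target's directory is unusual for legitimate software."""
    p = path.lower()
    if p.startswith("c:\\recycler\\"):
        return "autorun target lives under C:\\RECYCLER"
    if "\\temp\\" in p:
        return "autorun target lives in a Temp directory"
    if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", p):
        return "autorun target dropped directly into C:\\WINDOWS"
    if re.fullmatch(r"c:\\documents and settings\\[^\\]+\\[^\\]+\.exe", p):
        return "autorun target dropped into the user profile root"
    return None


def analyse(log_text: str) -> List[Tuple[str, str]]:
    """Return (entry, reason) pairs for log lines that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    run_paths = defaultdict(set)  # O4 entry name -> distinct target paths
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1") and ("Start Page" in body or "Search Page" in body):
            url = body.split("=", 1)[1].strip()
            host = re.sub(r"^\w+://", "", url).split("/")[0]
            if host not in KNOWN_DEFAULT_HOSTS:
                findings.append((line, f"start/search page points at {host}"))
        elif sec == "F2" and "UserInit=" in body:
            progs = [x.strip() for x in body.split("UserInit=", 1)[1].split(",") if x.strip()]
            for x in progs:
                if not x.lower().endswith("\\userinit.exe"):
                    findings.append((line, f"extra program chained into Userinit: {x}"))
        elif sec == "O4":
            m4 = O4_RE.match(body)
            if not m4:
                continue  # e.g. "Startup:" folder entries carry no path
            path = exe_path(m4.group("cmd"))
            reason = suspicious_location(path)
            if reason:
                findings.append((line, reason))
            run_paths[m4.group("name").lower()].add(path.lower())
        elif sec == "O7":
            findings.append((line, "policy restriction set (tools such as regedit disabled)"))
        elif sec == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append((line, "AppInit_DLLs loads a DLL into every user-mode process"))
    # The same Run name pointing at two different files (HKLM vs HKCU here)
    # is a common sign of a dropper re-registering itself per hive.
    for name, paths in run_paths.items():
        if len(paths) > 1:
            findings.append((f"O4 [{name}]", f"same Run name registered from {len(paths)} different paths"))
    return findings


if __name__ == "__main__":
    for entry, reason in analyse(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```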

makojed

Re: please check my log

Post by makojed » 14 Feb 2010 13:09

I did step by step what you wrote, but it took a while, the speed is killing me; CPU load is still 100 %

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3737
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.2.2010 13:02:56
mbam-log-2010-02-14 (13-02-45).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 130076
Uplynulý čas: 37 minute(s), 1 second(s)

Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče registru: 10
Infikované hodnoty registru: 7
Infikované datové položky registru: 6
Infikované adresáře: 2
Infikované soubory: 56

Infikované procesy v paměti:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\reader_s.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\reader_s.exe (Malware.Packer.Gen) -> No action taken.

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-cwzsk (Adware.AdRotator) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atipta (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\puda4 (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Packer.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-8275360423-6910829324-162253946-6236\wnzip32.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Infikované adresáře:
C:\WINDOWS\system32\lowsec (Stolen.data) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.FakeAlert.H) -> No action taken.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\reader_s.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> No action taken.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo .exe (Backdoor.Bot) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> No action taken.
C:\RECYCLER\S-1-5-21-8275360423-6910829324-162253946-6236\wnzip32.exe (Worm.Autorun.B) -> No action taken.
C:\WINDOWS\system32\-CWZsK.exe (Adware.AdRotator) -> No action taken.
C:\WINDOWS\system32\app_dll.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\reader_s .exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\drivers\yxuucvw.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\036.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\044.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\139.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\crxt.exe (Backdoor.Bot.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\657.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\6dbc0ac8.tmp (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\715.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\731.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\875.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\ukkan.exe (Backdoor.Bot.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\nieo.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\958.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\e751af1c.tmp (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\rstrerc.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\f8796062 .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\wmpscfgs.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\ldm1.exe (Adware.Agent) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\316.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\340.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\445.exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temp\_tc\DVDFab Platinum 6.2.1.8\hdashcut.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\hdashcut .exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\hdashcut.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\reader_s .exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\reader_s.exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\20KLWS5K\r32netsh[1].exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\loaderadv563[1].exe (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\buda3[1].exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\pr3xy[1].exe (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\arzuoz[2].htm (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\ycpxe[1].htm (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\ycpxe[2].htm (Malware.Packer.Gen) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\ysautnmg[1].htm (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> No action taken.
C:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> No action taken.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> No action taken.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\ccdrive32.exe (Backdoor.IRCBot) -> No action taken.

makojed

Re: please check my log

Post by makojed » 14 Feb 2010 13:11

I couldn't get to the page where I was supposed to download something for that Symantec at all

makojed

Re: please check my log

Post by makojed » 14 Feb 2010 13:18

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:51, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\ati technologies\ati control panel\atiptaxx .exe
c:\program files\creative\creative zen\zen media explorer\ctcheck .exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\user\LOCALS~1\Temp\setupv.exe
c:\program files\java\jre6\bin\jusched .exe
c:\program files\eset\eset smart security\egui .exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
c:\program files\microsoft office\office12\groovemonitor .exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\reader_s.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\user\reader_s.exe
O4 - HKCU\..\Run: [puda4] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98882f7af9498) (gupdate1c98882f7af9498) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 9160 bytes

User avatar
jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: please check my log

Post by jaro3 » 14 Feb 2010 14:57

ftp://ftp.symantec.com/public/english_u ... l_Tool.exe

So run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes, a log is shown; post it here.
- then choose OK in the program and exit it via Exit

You can then post the MbAM log here.

Disable the antivirus resident protection and deactivate the firewall.
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are shown; confirm them with the Yes button
- Then follow the instructions; while ComboFix is running, do not click in its window
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its whole contents here
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: please check my log

Post by makojed » 14 Feb 2010 18:21

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3737
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14.2.2010 18:16:58
mbam-log-2010-02-14 (18-16-58).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 130051
Uplynulý čas: 16 minute(s), 53 second(s)

Infikované procesy v paměti: 3
Infikované moduly v paměti: 1
Infikované klíče registru: 11
Infikované hodnoty registru: 8
Infikované datové položky registru: 5
Infikované adresáře: 2
Infikované soubory: 58

Infikované procesy v paměti:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Malware.Packer.Gen) -> Unloaded process successfully.
C:\Documents and Settings\user\reader_s.exe (Malware.Packer.Gen) -> Unloaded process successfully.

Infikované moduly v paměti:
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\-cwzsk (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bceb2549-a61e-4d88-922c-5884f2a35657} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\atipta (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\puda4 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\kbdsock.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infikované adresáře:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1456\budau44 .exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo .exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8275360423-6910829324-162253946-6236\wnzip32.exe (Worm.Autorun.B) -> Delete on reboot.
C:\WINDOWS\system32\-CWZsK.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\app_dll.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kbdsock.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshlps.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\yxuucvw.sys (Rootkit.Agent) -> Delete on reboot.
C:\Documents and Settings\user\Local Settings\Temp\017.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\036.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\044.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\139.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\crxt.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\657.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\715.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\731.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\875.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ukkan.exe (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\nieo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\901512ae.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\958.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\rstrerc.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\f8796062 .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\wmpscfgs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\ldm1.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\316.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\340.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\445.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\_tc\DVDFab Platinum 6.2.1.8\hdashcut.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\hdashcut .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\hdashcut.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\reader_s .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\reader_s.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\20KLWS5K\r32netsh[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\20KLWS5K\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\20KLWS5K\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\loaderadv563[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\buda3[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AUPY00PS\pr3xy[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\hyxrmxs[1].htm (Backdoor.Bot.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\ycpxe[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\O6DZJPO3\ysautnmg[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uses32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ccdrive32.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

It said it could not remove everything and that the rest will be removed after the PC restarts, so I'm going to restart and then I'll also run ComboFix.


Re: please check my log

Post by jaro3 » 14 Feb 2010 18:58

Yes, that's normal; some things are only deleted after a restart (delete on reboot).
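The "delete on reboot" distinction above, as an added triage helper (example code, not from this thread or from Malwarebytes): it parses the MBAM 1.x log format posted earlier, lists the findings still pending a restart, and pairs companion files whose name carries a space before the extension (such as reader_s .exe in the log above) with the original they sit beside. The embedded sample is an excerpt of the posted log with the summary counts adjusted to the excerpt.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example, not code from this thread or from Malwarebytes. The log lists
one finding per line as "<path or registry key> (<detection>) -> <action>.";
findings whose action is "Delete on reboot" are not gone until the machine
has been restarted, which is what the reply above points out.
"""
import re
from collections import Counter

# One MBAM finding: item, detection name in parentheses, then the action taken.
# Some actions carry extra "-> Data: ..." or "Bad: (...) Good: (...)" parts,
# so the action is kept whole and inspected with substring checks.
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# Companion-file pattern visible in the posted log: "reader_s .exe" (a space
# before the extension) sitting beside the legitimate reader_s.exe.
SPACED_EXT_RE = re.compile(r"\S \.(exe|dll|sys)$", re.IGNORECASE)

# Excerpt of the MBAM log posted above; summary counts adjusted to the excerpt.
# A raw string, because the paths contain backslashes.
SAMPLE_LOG = r"""
Infikované procesy v paměti: 1
Infikované soubory: 5

Infikované procesy v paměti:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.Downloader) -> Unloaded process successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Delete on reboot.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.

Infikované soubory:
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s .exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reader_s.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\yxuucvw.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return one dict per finding: section, item, detection, action."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers ("Infikované soubory:") end with a colon and carry
        # no action; the summary lines ("...: 58") do not end with a colon.
        if line.endswith(":") and "->" not in line:
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m and section is not None:
            findings.append({"section": section, **m.groupdict()})
    return findings


def pending_reboot(findings):
    """Items MBAM could not remove while running; they are only gone after a restart."""
    return [f["item"] for f in findings if "delete on reboot" in f["action"].lower()]


def companion_pairs(findings):
    """Map each "name .ext" companion to the path it imitates and whether that
    original path was itself flagged in the same log."""
    flagged = {f["item"].lower() for f in findings}
    pairs = {}
    for f in findings:
        if SPACED_EXT_RE.search(f["item"]):
            original = f["item"].replace(" .", ".")
            pairs[f["item"]] = (original, original.lower() in flagged)
    return pairs


def detections_by_family(findings):
    """Count findings per detection name, e.g. how many Spyware.Zbot items remain."""
    return Counter(f["detection"] for f in findings)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} findings, {len(pending_reboot(found))} pending a reboot")
    for item in pending_reboot(found):
        print("  reboot needed:", item)
    for fake, (orig, both) in companion_pairs(found).items():
        print(f"  companion {fake} -> {orig} (original also flagged: {both})")
    for name, n in detections_by_family(found).most_common():
        print(f"  {n:2d}  {name}")
```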


Re: please check my log

Post by makojed » 14 Feb 2010 19:08

ComboFix 10-02-12.01 - user 14.02.2010 18:45:38.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1584 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\recycler\S-1-5-21-0115748993-2115803266-133666215-3497
c:\recycler\S-1-5-21-0243556031-888888379-781863308-1456
c:\recycler\S-1-5-21-0653242019-9548020221-507803732-6109
c:\recycler\S-1-5-21-3802797319-6785039884-155427189-0746
c:\recycler\S-1-5-21-3837144041-2847849578-893297521-9795
c:\recycler\S-1-5-21-3899295254-5355755001-655602802-9651
c:\recycler\S-1-5-21-5192584209-3217521340-764469602-3309
c:\recycler\S-1-5-21-6660533085-7299752004-178516429-6659
c:\recycler\S-1-5-21-7803834850-6516052015-050679768-6508
c:\recycler\S-1-5-21-8275360423-6910829324-162253946-6236
c:\recycler\S-1-5-21-8740976738-8156363197-484698729-2978
c:\recycler\S-1-5-21-8898346365-4291365786-849642784-5337
c:\windows\ccdrive32 .exe
c:\windows\regedit.com
c:\windows\system32\ctfmon .exe
c:\windows\system32\msconfig.exe
c:\windows\system32\taskmgr.com

Nakažená kopie c:\windows\system32\drivers\ndis.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\ndis.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 17:26 . 2010-02-14 17:26 55808 ----a-w- c:\documents and settings\user\hdashcut.exe
2010-02-14 13:14 . 2010-02-14 13:14 -------- d---a-w- c:\windows\rundll16.exe
2010-02-14 13:14 . 2010-02-14 13:14 -------- d---a-w- c:\windows\logo1_.exe
2010-02-14 12:58 . 2010-02-14 12:58 52736 ----a-w- c:\windows\system32\w30Xnol32.exe
2010-02-14 12:58 . 2010-02-14 12:58 1696 ----a-w- c:\windows\system32\s30Xn32.dll
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\system32\runouce.exe
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\logo_1.exe
2010-02-13 22:34 . 2009-10-28 17:45 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-13 22:34 . 2009-10-28 17:45 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-13 22:34 . 2010-02-13 22:34 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-13 22:33 . 2010-02-13 22:33 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-02-13 16:19 . 2010-02-14 17:58 791552 ----a-w- c:\windows\system32\drivers\yxuucvw.sys
2010-01-24 15:16 . 2010-01-24 15:16 -------- d-----w- c:\program files\Adobe Media Player
2010-01-24 15:10 . 2010-01-24 15:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-24 14:59 . 2010-01-24 14:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 17:29 . 2001-10-25 10:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-02-14 17:29 . 2001-10-25 10:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 17:26 . 2010-02-14 17:26 55808 ----a-w- c:\documents and settings\user\hdashcut .exe
2010-02-14 09:14 . 2009-06-08 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 08:28 . 2008-12-28 13:30 -------- d-----w- c:\program files\ESET
2010-02-13 15:40 . 2008-11-28 16:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-08 15:14 . 2009-01-11 10:06 -------- d-----w- c:\program files\Google
2010-01-24 15:19 . 2008-11-19 15:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 15:07 . 2009-04-01 19:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-01 19:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-03 20:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 12:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-11-19 15:02 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 12:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-17 12:45 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-03 20:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 12:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 12:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 12:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 16:03 . 2004-08-17 12:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\cs4servicemanager .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Creative\Creative ZEN\ZEN Media Explorer\ctcheck .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\ESET\ESET Smart Security\egui .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2010-02-14 55808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-02-14 55808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2006-02-26 61952]
"Cmaudio"="cmicnfg.cpl" [N/A]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2010-02-14 55808]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-14 55808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2010-02-14 55808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-14 55808]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-02-14 55808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-21 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26224:TCP"= 26224:TCP:BitComet 26224 TCP
"26224:UDP"= 26224:UDP:BitComet 26224 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 iastor70;iastor70;c:\windows\system32\drivers\iaStor70.sys [4.2.2008 16:11 277784]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [4.2.2008 16:11 26112]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 20:51 468224]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [22.11.2008 11:44 1275584]
S0 si3114;si3114;c:\windows\system32\drivers\si3114.sys [4.2.2008 16:11 61952]
S2 gupdate1c98882f7af9498;Google Update Service (gupdate1c98882f7af9498);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2009 18:47 133104]
S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [?]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - yxuucvw
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 17:59]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:47]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:47]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\c5178bkx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www3.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{88714d9a-9b19-2607-a4f6-297d561afe88}\components\-M4FMagHLq7g.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 18:57
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxuucvw]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1645522239-1417001333-1003\SOFTWARE\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-1645522239-1417001333-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,3a,5a,d4,96,05,55,93,96,97,65,f6,2f,ce,5d,d8,b3,53,ff,7f,4b,4a,c8,
29,ac,12,6c,ac,90,3b,8a,d0,80,36,b5,e3,6b,a5,d5,b8,1b,5d,1e,9a,19,40,11,35,\
"??"=hex:86,60,e3,1a,64,25,b1,92,93,11,c2,24,d3,b4,f2,87
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1616)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RunDll32.exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
c:\program files\microsoft office\office12\groovemonitor .exe
c:\program files\eset\eset smart security\egui .exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-14 19:05:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-14 18:05

Před spuštěním: 8 706 584 576
Po spuštění: Volných bajtů: 11 706 421 248

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 40402EFFC86B8D938EDC8F7CEACB893F

jaro3
Security team member
Guru Level 15
Posts: 43295
Registered: June 07
Location: South Bohemia
Gender: Male

Re: please check my log

Post by jaro3 » 14 Feb 2010 20:36

Open Notepad (Start -> Run..., type Notepad in the box and press OK).
Copy the whole text marked in green into it:
Note: do not use the SELECT ALL function to mark the script

Code:

KillAll::
File::
c:\windows\VDLL.DLL
c:\windows\system32\drivers\yxuucvw.sys
c:\program files\internet explorer\wmpscfgs.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Folder::
c:\windows\system32\runouce.exe
c:\program files\Common Files\Symantec Shared

Driver::
EraserUtilDrv10741
Yxuucvw

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yxuucvw]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

Firefox::
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\c5178bkx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www3.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse, move it over the downloaded ComboFix.exe, and drop the script when the two files overlap.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log

In Folder Options, enable showing hidden files and folders + untick the box for not showing system files.

Test these on VirusTotal
c:\windows\system32\drivers\ndis.sys
c:\windows\system32\w30Xnol32.exe
c:\windows\system32\s30Xn32.dll
Then paste here the links to the result pages.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
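
As an added example (not part of the thread and not the helper's own tooling), the script below pulls out of a ComboFix log the three patterns that the CFScript above targets: many At*.job tasks pointing at one binary, many Run entries reporting one identical file size, and executables whose name carries a space before the extension. The log excerpt is constructed to match the format quoted in this thread; the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the ComboFix sections quoted in this thread
# (registry Run entries, the 'Naplánované úlohy' task listing, a Find3M line).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2010-02-14 55808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-14 55808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2010-02-14 55808]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-02-14 55808]

Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:47]

2010-02-14 19:24 . 2010-02-14 17:26 55808 ----a-w- c:\documents and settings\user\hdashcut .exe
"""

# "name"="path" [YYYY-MM-DD size]  -- a ComboFix autostart entry
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]$')
# 2010-02-14 c:\windows\Tasks\At1.job  -- a scheduled-task header line
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S+\.job)$', re.IGNORECASE)
# - c:\path\target.exe [YYYY-MM-DD HH:MM]  -- the task's target line
TASK_TARGET = re.compile(r'^-\s+(.+?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$')
# A path whose basename has a space before the extension ("hdashcut .exe")
DISPLACED = re.compile(r'([a-z]:\\[^\[\]]*?\S \.(?:exe|dll|scr))\b', re.IGNORECASE)


def parse_run_entries(log):
    """Return (name, path, date, size) for every Run entry in the log."""
    out = []
    for line in log.splitlines():
        m = RUN_ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return out


def find_cloned_run_entries(log, min_count=3):
    """Sizes shared by min_count+ unrelated autostart binaries -> their paths.

    Unrelated programs rarely report one exact byte count; several Run entries
    all showing the same size (55808 in this thread's log) suggests each one
    has been replaced by the same dropper. min_count is an assumed threshold."""
    by_size = defaultdict(list)
    for _name, path, _date, size in parse_run_entries(log):
        by_size[size].append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_count}


def find_task_fanout(log, min_count=2):
    """Task targets that min_count+ .job files point at -> their job paths."""
    targets = defaultdict(list)
    job = None
    for line in log.splitlines():
        line = line.strip()
        m = TASK_JOB.match(line)
        if m:
            job = m.group(1)
            continue
        m = TASK_TARGET.match(line)
        if m and job:
            targets[m.group(1).lower()].append(job)
            job = None
    return {t: j for t, j in targets.items() if len(j) >= min_count}


def find_displaced_originals(log):
    """Paths with a space before the extension: the renamed original files."""
    found = []
    for line in log.splitlines():
        for m in DISPLACED.finditer(line):
            found.append(m.group(1))
    return found


if __name__ == "__main__":
    print("cloned Run entries:", find_cloned_run_entries(SAMPLE_LOG))
    print("task fan-out:", find_task_fanout(SAMPLE_LOG))
    print("displaced originals:", find_displaced_originals(SAMPLE_LOG))
```

Run against a full ComboFix log, the three lists together give the file and task paths that end up in a CFScript like the one above.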

makojed
Level 2.5

Re: please check my log

Post by makojed » 14 Feb 2010 21:28

ComboFix 10-02-12.01 - user 14.02.2010 21:07:55.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1574 [GMT 1:00]
Spuštěný z: c:\documents and settings\user\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\user\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\program files\internet explorer\wmpscfgs.exe"
"c:\windows\system32\drivers\yxuucvw.sys"
"c:\windows\Tasks\At1.job"
"c:\windows\Tasks\At10.job"
"c:\windows\Tasks\At11.job"
"c:\windows\Tasks\At12.job"
"c:\windows\Tasks\At13.job"
"c:\windows\Tasks\At14.job"
"c:\windows\Tasks\At15.job"
"c:\windows\Tasks\At16.job"
"c:\windows\Tasks\At17.job"
"c:\windows\Tasks\At18.job"
"c:\windows\Tasks\At19.job"
"c:\windows\Tasks\At2.job"
"c:\windows\Tasks\At20.job"
"c:\windows\Tasks\At21.job"
"c:\windows\Tasks\At22.job"
"c:\windows\Tasks\At23.job"
"c:\windows\Tasks\At24.job"
"c:\windows\Tasks\At3.job"
"c:\windows\Tasks\At4.job"
"c:\windows\Tasks\At5.job"
"c:\windows\Tasks\At6.job"
"c:\windows\Tasks\At7.job"
"c:\windows\Tasks\At8.job"
"c:\windows\Tasks\At9.job"
"c:\windows\VDLL.DLL"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\hdashcut .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs .exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\drivers\yxuucvw.sys
c:\windows\system32\runouce.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ERASERUTILDRV10741
-------\Legacy_YXUUCVW
-------\Service_EraserUtilDrv10741
-------\Service_yxuucvw


((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-14 17:26 . 2010-02-14 19:24 55808 ----a-w- c:\documents and settings\user\hdashcut.exe
2010-02-14 13:14 . 2010-02-14 13:14 -------- d---a-w- c:\windows\rundll16.exe
2010-02-14 13:14 . 2010-02-14 13:14 -------- d---a-w- c:\windows\logo1_.exe
2010-02-14 12:58 . 2010-02-14 12:58 52736 ----a-w- c:\windows\system32\w30Xnol32.exe
2010-02-14 12:58 . 2010-02-14 12:58 1696 ----a-w- c:\windows\system32\s30Xn32.dll
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\VDLL.DLL
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-02-13 22:44 . 2010-02-13 22:44 -------- d---a-w- c:\windows\logo_1.exe
2010-02-13 22:34 . 2009-10-28 17:45 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-02-13 22:34 . 2009-10-28 17:45 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-02-13 22:34 . 2010-02-13 22:34 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-02-13 22:33 . 2010-02-13 22:33 -------- d-----w- c:\program files\Common Files\MicroWorld
2010-01-24 15:16 . 2010-01-24 15:16 -------- d-----w- c:\program files\Adobe Media Player
2010-01-24 15:10 . 2010-01-24 15:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-24 14:59 . 2010-01-24 14:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 19:27 . 2001-10-25 10:00 79040 ----a-w- c:\windows\system32\perfc005.dat
2010-02-14 19:27 . 2001-10-25 10:00 431998 ----a-w- c:\windows\system32\perfh005.dat
2010-02-14 19:24 . 2010-02-14 17:26 55808 ----a-w- c:\documents and settings\user\hdashcut .exe
2010-02-14 09:14 . 2009-06-08 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 08:28 . 2008-12-28 13:30 -------- d-----w- c:\program files\ESET
2010-02-13 15:40 . 2008-11-28 16:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-08 15:14 . 2009-01-11 10:06 -------- d-----w- c:\program files\Google
2010-01-24 15:19 . 2008-11-19 15:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-07 15:07 . 2009-04-01 19:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-01 19:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-03 20:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2004-08-17 12:49 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-11-19 15:02 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-08-17 12:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2004-08-17 12:45 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-03 20:15 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-08-17 12:49 1294336 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2001-10-25 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-17 12:49 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 12:49 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-21 16:03 . 2004-08-17 12:49 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\cs4servicemanager .exe
c:\program files\Common Files\Ahead\Lib\nerocheck .exe
c:\program files\Common Files\Ahead\Lib\nmbgmonitor .exe
c:\program files\Creative\Creative ZEN\ZEN Media Explorer\ctcheck .exe
c:\program files\Creative\Sync Manager Unicode\ctsyncu .exe
c:\program files\ESET\ESET Smart Security\egui .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2010-02-14 55808]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2010-02-14 55808]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAShCut.exe" [2006-02-26 61952]
"Cmaudio"="cmicnfg.cpl" [N/A]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2010-02-14 55808]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-02-14 55808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2010-02-14 55808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-02-14 55808]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [2010-02-14 55808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-21 113664]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26224:TCP"= 26224:TCP:BitComet 26224 TCP
"26224:UDP"= 26224:UDP:BitComet 26224 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 iastor70;iastor70;c:\windows\system32\drivers\iaStor70.sys [4.2.2008 16:11 277784]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [4.2.2008 16:11 26112]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [24.10.2008 20:51 468224]
R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [22.11.2008 11:44 1275584]
S0 si3114;si3114;c:\windows\system32\drivers\si3114.sys [4.2.2008 16:11 61952]
S2 gupdate1c98882f7af9498;Google Update Service (gupdate1c98882f7af9498);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2009 18:47 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-14 20:22]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:47]

2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 17:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://google.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\documents and settings\user\Data aplikací\Mozilla\Firefox\Profiles\c5178bkx.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{88714d9a-9b19-2607-a4f6-297d561afe88}\components\-M4FMagHLq7g.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 21:21
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1645522239-1417001333-1003\SOFTWARE\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-57989841-1645522239-1417001333-1003\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:66,3a,5a,d4,96,05,55,93,96,97,65,f6,2f,ce,5d,d8,b3,53,ff,7f,4b,4a,c8,
29,ac,12,6c,ac,90,3b,8a,d0,80,36,b5,e3,6b,a5,d5,b8,1b,5d,1e,9a,19,40,11,35,\
"??"=hex:86,60,e3,1a,64,25,b1,92,93,11,c2,24,d3,b4,f2,87
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1604)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3376)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\RunDll32.exe
c:\program files\microsoft office\office12\groovemonitor .exe
c:\program files\eset\eset smart security\egui .exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-02-14 21:27:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-14 20:27
ComboFix2.txt 2010-02-14 18:05

Před spuštěním: Volných bajtů: 11 700 543 488
Po spuštění: Volných bajtů: 11 574 267 904

- - End Of File - - F8E5439C57A06DB40E4857617CA9490C

makojed
Level 2.5

Re: please check my log

Post by makojed » 14 Feb 2010 21:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:58, on 14.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
c:\program files\microsoft office\office12\groovemonitor .exe
c:\program files\eset\eset smart security\egui .exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\creative\sync manager unicode\ctsyncu .exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_Reader] c:\program files\internet explorer\wmpscfgs.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://c:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/ ... TSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ ... /CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98882f7af9498) (gupdate1c98882f7af9498) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe (file missing)

--
End of file - 7770 bytes

