The log is here ... I did everything according to the advice .. captain ..
ComboFix 10-05-23.07 - Polki 24.05.2010 13:41:00.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2712 [GMT 2:00]
Spuštěný z: e:\documents and settings\Polki\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-24 do 2010-05-24 )))))))))))))))))))))))))))))))
.
2010-05-23 20:21 . 2010-05-23 20:21 -------- d-----w- e:\program files\Microsoft Silverlight
2010-05-23 17:35 . 2010-05-23 17:11 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-05-23 17:34 . 2010-05-23 17:34 -------- d-----w- e:\documents and settings\LocalService\Plocha
2010-05-23 17:11 . 2009-10-23 21:19 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2010-05-23 17:11 . 2010-05-23 17:11 93360 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-05-23 17:09 . 2010-05-23 17:09 -------- d-----w- e:\program files\Lavasoft
2010-05-22 19:31 . 2010-05-22 19:45 -------- d-----w- e:\program files\Garena
2010-05-22 18:37 . 2010-05-23 18:43 -------- d-----w- e:\program files\Windows
2010-05-19 15:28 . 2010-05-19 15:29 -------- d--h--w- e:\windows\system32\GroupPolicy
2010-05-19 15:25 . 2009-01-04 21:24 3411 ----a-w- e:\windows\system32\gpedInst.bat
2010-05-19 15:25 . 2008-04-14 01:11 73728 ----a-w- e:\windows\system32\fdeploy.dll
2010-05-19 15:25 . 2008-04-14 01:11 124928 ----a-w- e:\windows\system32\fde.dll
2010-05-19 15:25 . 2008-04-14 01:11 295936 ----a-w- e:\windows\system32\appmgr.dll
2010-05-19 15:25 . 2008-04-14 01:11 167936 ----a-w- e:\windows\system32\appmgmts.dll
2010-05-19 15:25 . 2008-04-14 01:09 566784 ----a-w- e:\windows\system32\gpedit.dll
2010-05-19 15:25 . 2008-04-14 01:11 199680 ----a-w- e:\windows\system32\gptext.dll
2010-05-16 15:28 . 2010-05-16 15:31 -------- d-----w- e:\program files\DAEMON Tools Lite
2010-05-02 18:32 . 2010-05-02 18:32 -------- d-----w- e:\program files\Common Files\COWON
2010-05-02 18:32 . 2010-05-02 18:32 -------- d-----w- e:\program files\JetAudio
2010-04-30 22:56 . 2010-04-30 22:56 -------- d-----w- e:\program files\Blender Foundation
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 11:38 . 2004-08-18 12:00 78076 ----a-w- e:\windows\system32\perfc005.dat
2010-05-24 11:38 . 2004-08-18 12:00 429080 ----a-w- e:\windows\system32\perfh005.dat
2010-05-23 16:53 . 2009-11-29 12:35 -------- d-----w- e:\program files\BitLord
2010-05-23 01:36 . 2010-04-02 21:39 22328 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2010-05-23 01:35 . 2010-04-02 21:39 103736 ----a-w- e:\windows\system32\PnkBstrB.exe
2010-05-22 22:35 . 2010-03-19 17:38 -------- d-----w- e:\program files\Hamachi
2010-05-22 19:21 . 2010-05-22 18:40 28625 ----a-w- e:\windows\Prefetch\tmpfile0.bat
2010-05-22 18:42 . 2010-05-22 21:30 153892 ----a-w- e:\windows\pchealth\helpctr\Config\Cache\Personal_32_1029.dat
2010-05-18 16:59 . 2009-11-28 17:27 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-05-08 13:18 . 2010-04-03 14:23 -------- d-----w- e:\program files\GamePark
2010-05-06 04:18 . 2010-04-02 21:39 66872 ----a-w- e:\windows\system32\PnkBstrA.exe
2010-04-30 18:11 . 2009-11-28 17:46 -------- d-----w- e:\program files\Opera
2010-04-20 16:00 . 2009-12-13 06:39 -------- d-----w- e:\program files\CCleaner
2010-04-15 18:47 . 2009-11-28 17:27 -------- d-----w- e:\program files\Gigabyte
2010-04-10 22:22 . 2010-04-10 22:22 -------- d-----w- e:\program files\MySoftwareFolder
2010-04-10 19:32 . 2010-04-03 23:34 -------- d-----w- e:\program files\1C
2010-04-04 23:14 . 2010-04-04 23:14 -------- d--h--w- e:\program files\InstallJammer Registry
2010-04-04 16:35 . 2010-04-04 16:13 -------- d-----w- e:\program files\GameSpy Arcade
2010-04-04 15:49 . 2010-04-04 15:46 -------- d-----w- e:\program files\WolfRAT
2010-04-04 15:41 . 2009-12-14 12:59 25544 ----a-w- e:\windows\system32\drivers\hamachi.sys
2010-04-03 17:23 . 2010-04-03 17:23 278120 ----a-w- e:\windows\system32\nvmccs.dll
2010-04-03 17:23 . 2010-04-03 17:23 154216 ----a-w- e:\windows\system32\nvsvc32.exe
2010-04-03 17:23 . 2010-04-03 17:23 145000 ----a-w- e:\windows\system32\nvcolor.exe
2010-04-03 17:23 . 2010-04-03 17:23 13670504 ----a-w- e:\windows\system32\nvcpl.dll
2010-04-03 17:23 . 2010-04-03 17:23 110696 ----a-w- e:\windows\system32\nvmctray.dll
2010-04-03 17:23 . 2010-04-03 17:23 229376 ----a-w- e:\windows\system32\nvrszhc.dll
2010-04-03 17:23 . 2010-04-03 17:23 126976 ----a-w- e:\windows\system32\nvrszht.dll
2010-04-02 14:54 . 2009-11-28 17:37 600680 ----a-w- e:\windows\system32\NVUNINST.EXE
2010-03-31 06:23 . 2010-03-31 06:23 95872 ----a-w- e:\windows\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- e:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 ----a-w- e:\windows\system32\drivers\eamon.sys
2010-03-29 20:04 . 2010-03-29 20:04 -------- d-----w- e:\program files\Common Files\Skype
2010-03-27 12:50 . 2010-03-18 09:08 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-03-06 15:43 . 2010-02-01 15:44 24944 -c--a-w- e:\windows\system32\drivers\GVTDrv.sys
2010-02-25 14:39 . 2010-02-25 14:39 21840 -c--a-w- e:\windows\system32\SIntfNT.dll
2010-02-25 14:39 . 2010-02-25 14:39 17212 -c--a-w- e:\windows\system32\SIntf32.dll
2010-02-25 14:39 . 2010-02-25 14:39 12067 -c--a-w- e:\windows\system32\SIntf16.dll
2008-03-09 06:25 . 2009-12-29 16:56 236 -c--a-w- e:\program files\Common Files\dx.reg
.
------- Sigcheck -------
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . e:\windows\system32\appmgmts.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"ISUSPM Startup"="e:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Game Edition Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\StrongDC++\\StrongDC.exe"=
"e:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"e:\\Program Files\\QIP\\qip.exe"=
"e:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\fpupdate.exe"=
"e:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\C&C3\\RetailExe\\1.2\\cnc3game.dat"=
"e:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe"=
"e:\\Program Files\\Gigabyte\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\S.W.A.T. 4\\Content\\System\\Swat4.exe"=
"c:\\Program Files\\S.W.A.T. 4\\Content\\System\\Swat4DedicatedServer.exe"=
"e:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=
"f:\\Program Files\\PremiumSoft\\Navicat 8.2 MySQL\\navicat.exe"=
"e:\\Program Files\\PCNetSoftware\\RAC Server\\RACs.exe"=
"e:\\WINDOWS\\system32\\PnkBstrA.exe"=
"e:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitLord2\\BitLord.exe"=
"f:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21000:TCP"= 21000:TCP:21000
"21000:UDP"= 21000:UDP:21000
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3306:TCP"= 3306:TCP:3306
"3306:UDP"= 3306:UDP:3306
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [23.5.2010 19:11 64288]
R1 ehdrv;ehdrv;e:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;e:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 Lavasoft Ad-Aware Game Edition Service;Lavasoft Ad-Aware Game Edition Service;e:\program files\Lavasoft\Ad-Aware Game Edition\AAWService.exe [23.10.2009 23:55 1181328]
R2 RACDriver;RAC driver;e:\program files\PCNetSoftware\RAC Server\RACDriver.sys [6.3.2010 17:54 8208]
R3 racmirror;racmirror;e:\windows\system32\drivers\racmirror.sys [6.3.2010 17:54 32784]
S0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [29.11.2009 18:22 691696]
S1 SBRE;SBRE;e:\windows\system32\drivers\SBREDrv.sys [23.5.2010 19:11 93360]
S3 ASWLUSB;ASUS Wireless Link 802.11g 54Mbps USB 2.0 Network Adapter;e:\windows\system32\DRIVERS\asus_sp.sys --> e:\windows\system32\DRIVERS\asus_sp.sys [?]
S3 DrvAgent32;DrvAgent32;e:\windows\system32\drivers\DrvAgent32.sys [1.2.2010 17:08 23456]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable WDM;e:\windows\system32\drivers\vrtaucbl.sys [20.12.2009 21:18 24832]
S3 GarenaPEngine;GarenaPEngine;\??\e:\docume~1\Polki\LOCALS~1\Temp\QVS51F.tmp --> e:\docume~1\Polki\LOCALS~1\Temp\QVS51F.tmp [?]
S3 PAC207;Webcam 1200;e:\windows\system32\drivers\PFC027.SYS [13.3.2010 12:17 611584]
S3 SjyPkt;SjyPkt;\??\e:\windows\System32\Drivers\SjyPkt.sys --> e:\windows\System32\Drivers\SjyPkt.sys [?]
S4 AODService;AODService;e:\program files\AMD\OverDrive\AODAssist.exe [22.4.2009 13:01 124256]
S4 MySQL41;MySQL41;"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="e:\program files\MySQL\MySQL Server 5.0\my.ini" MySQL41 --> e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt [?]
S4 MySQL501;MySQL501;"e:\program files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="e:\program files\MySQL\MySQL Server 5.1\my.ini" MySQL501 --> e:\program files\MySQL\MySQL Server 5.1\bin\mysqld [?]
S4 PCNetSoftware RAC Server;PCNetSoftware RAC Server;e:\program files\PCNetSoftware\RAC Server\RACs.exe [6.3.2010 17:54 3186688]
S4 WoW;WoW;"e:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt" --defaults-file="e:\program files\MySQL\MySQL Server 4.1\my.ini" WoW --> e:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt [?]
.
Obsah adresáře 'Naplánované úlohy'
2010-05-24 e:\windows\Tasks\Ad-Aware Update (Daily 1).job
- e:\program files\Lavasoft\Ad-Aware Game Edition\Ad-AwareAdmin.exe [2009-10-23 17:11]
2010-05-24 e:\windows\Tasks\Ad-Aware Update (Daily 2).job
- e:\program files\Lavasoft\Ad-Aware Game Edition\Ad-AwareAdmin.exe [2009-10-23 17:11]
2010-05-24 e:\windows\Tasks\Ad-Aware Update (Daily 3).job
- e:\program files\Lavasoft\Ad-Aware Game Edition\Ad-AwareAdmin.exe [2009-10-23 17:11]
2010-05-24 e:\windows\Tasks\Ad-Aware Update (Daily 4).job
- e:\program files\Lavasoft\Ad-Aware Game Edition\Ad-AwareAdmin.exe [2009-10-23 17:11]
2010-05-24 e:\windows\Tasks\Ad-Aware Update (Weekly).job
- e:\program files\Lavasoft\Ad-Aware Game Edition\Ad-AwareAdmin.exe [2009-10-23 17:11]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Space Rangers 2 - e:\windows\setup_rangers_2.exe
AddRemove-Starcraft - e:\windows\SCunin.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-24 13:48
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GarenaPEngine]
"ImagePath"="\??\e:\docume~1\Polki\LOCALS~1\Temp\QVS51F.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL]
"ImagePath"="\"f:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"f:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL41]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL41"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySQL501]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"e:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL501"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WoW]
"ImagePath"="\"e:\program files\MySQL\MySQL Server 4.1\bin\mysqld-nt\" --defaults-file=\"e:\program files\MySQL\MySQL Server 4.1\my.ini\" WoW"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-842925246-2025429265-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:a8,87,9c,e4,a2,7c,29,ea,b1,27,ab,05,bc,36,dd,c5,62,c0,67,3b,1d,
25,6b,40,1d,3e,2c,eb,8e,9c,4d,da,80,45,e1,cf,a4,93,76,a1,66,b2,6a,56,d6,fe,\
"rkeysecu"=hex:8c,d0,c8,89,79,7f,a1,8b,0a,46,18,06,3c,05,19,81
.
Celkový čas: 2010-05-24 13:50:09
ComboFix-quarantined-files.txt 2010-05-24 11:50
ComboFix2.txt 2010-01-27 15:12
Před spuštěním: 9 838 563 328
Po spuštění: 9 784 991 744
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 24FE66DA9F00B6EE125C5D07607BCDEB
Sergeant Polki