Prosím o kontrolu logu Vyřešeno

[Seky97]

Dobrý den, tak už uběhl měsíc po přeinstalování windows, a tak bych potřeboval preventivně zkontrolovat log. Předem děkuji.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:26, on 18.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Admin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 5028 bytes

[Reklama]

[Seky97]

Přikládám MwAM.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4153

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

18.6.2010 19:57:12
mbam-log-2010-06-18 (19-57-12).txt

Typ skenu: Rychlý sken
Skenované objekty: 123502
Uplynulý čas: 4 minuta(y), 31 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[bledulka]

Ahoj,
mbam máš placený s rezidentním štítem?
Jak se chová počítač, je vše v pořádku?

[Seky97]

Mám ho s rezidentním štítem.
No Pc je docela v pořádku, ale start systému se pohybuje kolem 5 minut. (to mi zas tak nevadí, času mám habaděj)

Nemám použít ComboFix?

[bledulka]

Proč combofix? Máš k tomu nějaký důvod?
Máš s rezidentním štítem i spybota, jeden štít bych vypnula, můžou mezi sebou kolidovat a zpomalovat systém.

Dříve bylo nabíhání pc rychlejší?

[Seky97]

"Proč ComboFix?" Protože pokaždé co jsem tady dělal preventivku, tak jaro3 po mě chtěl log z ComboFixu.

Vypnu teda toho spybota.

Spuštění bylo dříve výrazně rychlejší.

[bledulka]

Aha, tak k tomu měl asi důvod. Dobře, tak to zkontrolujeme.

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[Seky97]

ComboFix 10-06-19.03 - Admin 20.06.2010 13:53:46.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.586 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Kerio Personal Firewall *disabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Sifry.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin2.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin3.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin5.dll
c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
c:\program files\Mozilla Firefox\Plugins\npqtplugin7.dll
c:\program files\Opera\program\plugins\npqtplugin2.dll
c:\program files\Opera\program\plugins\npqtplugin3.dll
c:\program files\Opera\program\plugins\npqtplugin4.dll
c:\program files\Opera\program\plugins\npqtplugin5.dll
c:\program files\Opera\program\plugins\npqtplugin6.dll
c:\program files\Opera\program\plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\system32\fonts
c:\windows\system32\fonts\a010013l.afm
c:\windows\system32\fonts\a010013l.pfb
c:\windows\system32\fonts\a010013l.pfm
c:\windows\system32\fonts\a010015l.afm
c:\windows\system32\fonts\a010015l.pfb
c:\windows\system32\fonts\a010015l.pfm
c:\windows\system32\fonts\a010033l.afm
c:\windows\system32\fonts\a010033l.pfb
c:\windows\system32\fonts\a010033l.pfm
c:\windows\system32\fonts\a010035l.afm
c:\windows\system32\fonts\a010035l.pfb
c:\windows\system32\fonts\a010035l.pfm
c:\windows\system32\fonts\b018012l.afm
c:\windows\system32\fonts\b018012l.pfb
c:\windows\system32\fonts\b018012l.pfm
c:\windows\system32\fonts\b018015l.afm
c:\windows\system32\fonts\b018015l.pfb
c:\windows\system32\fonts\b018015l.pfm
c:\windows\system32\fonts\b018032l.afm
c:\windows\system32\fonts\b018032l.pfb
c:\windows\system32\fonts\b018032l.pfm
c:\windows\system32\fonts\b018035l.afm
c:\windows\system32\fonts\b018035l.pfb
c:\windows\system32\fonts\b018035l.pfm
c:\windows\system32\fonts\c059013l.afm
c:\windows\system32\fonts\c059013l.pfb
c:\windows\system32\fonts\c059013l.pfm
c:\windows\system32\fonts\c059016l.afm
c:\windows\system32\fonts\c059016l.pfb
c:\windows\system32\fonts\c059016l.pfm
c:\windows\system32\fonts\c059033l.afm
c:\windows\system32\fonts\c059033l.pfb
c:\windows\system32\fonts\c059033l.pfm
c:\windows\system32\fonts\c059036l.afm
c:\windows\system32\fonts\c059036l.pfb
c:\windows\system32\fonts\c059036l.pfm
c:\windows\system32\fonts\d050000l.afm
c:\windows\system32\fonts\d050000l.pfb
c:\windows\system32\fonts\d050000l.pfm
c:\windows\system32\fonts\fonts.dir
c:\windows\system32\fonts\fonts.scale
c:\windows\system32\fonts\n019003l.afm
c:\windows\system32\fonts\n019003l.pfb
c:\windows\system32\fonts\n019003l.pfm
c:\windows\system32\fonts\n019004l.afm
c:\windows\system32\fonts\n019004l.pfb
c:\windows\system32\fonts\n019004l.pfm
c:\windows\system32\fonts\n019023l.afm
c:\windows\system32\fonts\n019023l.pfb
c:\windows\system32\fonts\n019023l.pfm
c:\windows\system32\fonts\n019024l.afm
c:\windows\system32\fonts\n019024l.pfb
c:\windows\system32\fonts\n019024l.pfm
c:\windows\system32\fonts\n019043l.afm
c:\windows\system32\fonts\n019043l.pfb
c:\windows\system32\fonts\n019043l.pfm
c:\windows\system32\fonts\n019044l.afm
c:\windows\system32\fonts\n019044l.pfb
c:\windows\system32\fonts\n019044l.pfm
c:\windows\system32\fonts\n019063l.afm
c:\windows\system32\fonts\n019063l.pfb
c:\windows\system32\fonts\n019063l.pfm
c:\windows\system32\fonts\n019064l.afm
c:\windows\system32\fonts\n019064l.pfb
c:\windows\system32\fonts\n019064l.pfm
c:\windows\system32\fonts\n021003l.afm
c:\windows\system32\fonts\n021003l.pfb
c:\windows\system32\fonts\n021003l.pfm
c:\windows\system32\fonts\n021004l.afm
c:\windows\system32\fonts\n021004l.pfb
c:\windows\system32\fonts\n021004l.pfm
c:\windows\system32\fonts\n021023l.afm
c:\windows\system32\fonts\n021023l.pfb
c:\windows\system32\fonts\n021023l.pfm
c:\windows\system32\fonts\n021024l.afm
c:\windows\system32\fonts\n021024l.pfb
c:\windows\system32\fonts\n021024l.pfm
c:\windows\system32\fonts\n022003l.afm
c:\windows\system32\fonts\n022003l.pfb
c:\windows\system32\fonts\n022003l.pfm
c:\windows\system32\fonts\n022004l.afm
c:\windows\system32\fonts\n022004l.pfb
c:\windows\system32\fonts\n022004l.pfm
c:\windows\system32\fonts\n022023l.afm
c:\windows\system32\fonts\n022023l.pfb
c:\windows\system32\fonts\n022023l.pfm
c:\windows\system32\fonts\n022024l.afm
c:\windows\system32\fonts\n022024l.pfb
c:\windows\system32\fonts\n022024l.pfm
c:\windows\system32\fonts\p052003l.afm
c:\windows\system32\fonts\p052003l.pfb
c:\windows\system32\fonts\p052003l.pfm
c:\windows\system32\fonts\p052004l.afm
c:\windows\system32\fonts\p052004l.pfb
c:\windows\system32\fonts\p052004l.pfm
c:\windows\system32\fonts\p052023l.afm
c:\windows\system32\fonts\p052023l.pfb
c:\windows\system32\fonts\p052023l.pfm
c:\windows\system32\fonts\p052024l.afm
c:\windows\system32\fonts\p052024l.pfb
c:\windows\system32\fonts\p052024l.pfm
c:\windows\system32\fonts\s050000l.afm
c:\windows\system32\fonts\s050000l.pfb
c:\windows\system32\fonts\s050000l.pfm
c:\windows\system32\fonts\uninstal.txt
c:\windows\system32\fonts\z003034l.afm
c:\windows\system32\fonts\z003034l.pfb
c:\windows\system32\fonts\z003034l.pfm
c:\windows\system32\VB6KO.DLL
H:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-20 do 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-17 17:48 . 2010-06-17 17:52 -------- d-----w- c:\program files\Picasa2
2010-06-17 15:55 . 2010-06-17 16:02 -------- d-----w- c:\program files\Fraps
2010-06-16 15:13 . 2008-11-13 14:20 602624 -c----w- c:\windows\system32\dllcache\crypt32.dll
2010-06-16 15:13 . 2008-11-13 14:20 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2010-06-16 14:40 . 2010-06-16 15:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\windows\system32\xlive
2010-06-16 14:30 . 2010-06-16 14:30 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2010-06-16 13:50 . 2008-04-14 06:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 13:57 . 2010-06-14 13:57 -------- d-----w- c:\program files\TopStyle 4
2010-06-14 13:55 . 2010-06-14 13:55 -------- d-----w- c:\program files\PSPad editor
2010-06-13 11:28 . 2010-06-13 11:28 -------- d-----w- C:\ATI
2010-06-08 14:25 . 2010-06-09 12:26 -------- d-----w- c:\program files\Mass Downloader
2010-06-08 14:19 . 2003-12-15 21:16 81920 ----a-w- c:\windows\system32\eSellerateControl350.dll
2010-06-08 14:19 . 2003-12-15 21:16 348160 ----a-w- c:\windows\system32\eSellerateEngine.dll
2010-06-08 14:19 . 2010-06-08 14:21 -------- d-----w- c:\program files\Star Downloader
2010-06-04 18:33 . 2010-06-04 18:33 -------- d-----w- c:\program files\CDBurnerXP
2010-06-01 18:29 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-06-01 18:29 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-06-01 18:28 . 2010-06-01 18:28 -------- d-----w- c:\windows\system32\RsFx
2010-06-01 17:42 . 2010-06-01 18:28 -------- d-----w- c:\program files\Microsoft SQL Server
2010-06-01 17:42 . 2010-06-18 12:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-01 17:42 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-06-01 17:37 . 2010-06-01 17:42 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-01 17:37 . 2010-06-01 17:37 -------- d-----w- c:\program files\Microsoft SDKs
2010-05-28 16:54 . 2007-10-12 13:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2010-05-28 12:51 . 2010-05-28 12:51 -------- d-----w- c:\program files\Opera
2010-05-27 13:51 . 2010-05-27 13:51 -------- d-sh--w- c:\windows\ftpcache
2010-05-21 17:13 . 2004-08-17 13:45 2183168 ----a-w- c:\windows\system32\TUKernel.exe
2010-05-21 16:41 . 2009-10-30 13:08 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2010-05-21 16:41 . 2009-10-30 13:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-05-21 16:41 . 2010-05-21 16:41 -------- d-----w- c:\program files\TuneUp Utilities 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 11:49 . 2010-05-07 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-20 08:05 . 2010-06-06 10:55 7003 ----a-w- c:\windows\system32\drivers\fwdrv.err
2010-06-17 12:40 . 2010-05-07 14:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 14:02 . 2001-10-25 14:00 497316 ----a-w- c:\windows\system32\perfh005.dat
2010-06-16 14:02 . 2001-10-25 14:00 103464 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 13:56 . 2010-05-07 14:12 2740 ----a-w- c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-06-16 13:56 . 2010-05-07 14:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-13 17:24 . 2010-05-07 14:23 -------- d-----w- c:\program files\ATI Technologies
2010-06-13 12:02 . 2010-05-09 09:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-08 13:04 . 2010-05-07 16:45 -------- d-----w- c:\program files\IrfanView
2010-06-06 11:59 . 2010-05-15 17:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-06-06 11:58 . 2010-05-15 16:59 -------- d-----w- c:\program files\AVI ReComp
2010-06-01 18:26 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft.NET
2010-05-20 13:25 . 2010-05-20 13:25 -------- d-----w- c:\program files\PDF-Convert
2010-05-20 13:18 . 2010-05-20 13:18 -------- d-----w- c:\program files\Ghostscript
2010-05-19 19:02 . 2010-05-19 18:56 -------- d-----w- c:\program files\Full Tilt Poker
2010-05-19 16:22 . 2010-05-19 16:15 -------- d-----w- c:\program files\Terasoft
2010-05-16 16:29 . 2010-05-11 17:22 -------- d-----w- c:\program files\Guitar Pro 5
2010-05-16 08:06 . 2010-05-09 10:37 -------- d-----w- c:\program files\Avidemux 2.5
2010-05-16 07:58 . 2010-05-16 07:58 -------- d-----w- c:\program files\X2Xsoft
2010-05-15 17:35 . 2010-05-15 17:23 -------- d-----w- c:\program files\BIAS
2010-05-15 17:01 . 2010-05-15 17:01 -------- d-----w- c:\program files\Gabest
2010-05-15 17:00 . 2010-05-15 08:04 -------- d-----w- c:\program files\Xvid
2010-05-15 16:31 . 2010-05-15 16:31 -------- d-----w- c:\program files\COMODO
2010-05-15 11:53 . 2010-05-15 11:47 -------- d-----w- c:\program files\lg_fwupdate
2010-05-15 11:46 . 2010-05-15 11:35 -------- d-----w- c:\program files\CyberLink
2010-05-15 11:43 . 2010-05-15 11:41 -------- d-----w- c:\program files\Common Files\Ahead
2010-05-15 11:41 . 2010-05-15 11:41 -------- d-----w- c:\program files\Nero
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-15 09:07 . 2010-05-15 09:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-15 09:05 . 2010-05-07 16:29 -------- d-----w- c:\program files\MSBuild
2010-05-15 09:05 . 2010-05-15 09:05 -------- d-----w- c:\program files\Reference Assemblies
2010-05-15 09:01 . 2010-05-15 09:01 -------- d-----w- c:\program files\MSXML 6.0
2010-05-15 08:05 . 2010-05-15 08:05 -------- d-----w- c:\program files\FDRLab
2010-05-12 15:59 . 2010-05-12 15:59 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-05-12 15:59 . 2010-05-12 15:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-12 15:58 . 2010-05-12 15:58 -------- d-----w- c:\program files\IVT Corporation
2010-05-12 15:12 . 2010-05-12 15:11 -------- d-----w- c:\program files\Google
2010-05-11 14:30 . 2010-05-11 14:30 -------- d-----w- c:\program files\Common Files\Protexis
2010-05-11 14:29 . 2010-05-11 14:29 -------- d-----w- c:\program files\Common Files\Corel
2010-05-11 14:28 . 2010-05-11 14:28 -------- d-----w- c:\program files\Corel
2010-05-09 20:24 . 2010-05-07 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-09 15:32 . 2010-05-09 15:12 -------- d-----w- c:\program files\SopCast
2010-05-08 19:06 . 2010-05-07 14:12 8972 ----a-w- c:\windows\pchealth\helpctr\Config\Cntstore.bin
2010-05-08 16:55 . 2010-05-08 16:53 -------- d-----w- c:\program files\QuickTime
2010-05-08 16:52 . 2010-05-08 16:52 -------- d-----w- c:\program files\Apple Software Update
2010-05-07 18:30 . 2010-05-07 18:30 -------- d-----w- c:\program files\Trend Micro
2010-05-07 18:28 . 2010-05-07 18:28 -------- d-----w- c:\program files\xp-AntiSpy
2010-05-07 18:11 . 2010-05-07 18:11 -------- d-----w- c:\program files\QIP
2010-05-07 17:58 . 2010-05-07 17:58 -------- d-----w- c:\program files\VideoReDoTVSuite
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\JetAudio
2010-05-07 17:56 . 2010-05-07 17:55 -------- d-----w- c:\program files\Common Files\COWON
2010-05-07 17:43 . 2010-05-07 17:43 -------- d-----w- c:\program files\Webteh
2010-05-07 17:25 . 2010-05-07 17:25 -------- d-----w- c:\program files\MuseScore 0.9
2010-05-07 17:00 . 2010-05-07 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-05-07 17:00 . 2010-05-07 17:00 -------- d-----w- c:\program files\Java
2010-05-07 16:57 . 2010-05-07 16:57 -------- d-----w- c:\program files\CCleaner
2010-05-07 16:43 . 2010-05-07 16:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-07 16:33 . 2010-05-07 16:33 -------- d-----w- c:\program files\Sunbelt Software
2010-05-07 16:29 . 2010-05-07 16:29 -------- d-----w- c:\program files\Microsoft Works
2010-05-07 16:27 . 2010-05-07 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-07 16:23 . 2010-05-07 16:15 127768 ----a-w- c:\windows\hpoins11.dat
2010-05-07 16:22 . 2010-05-07 16:22 -------- d-----w- c:\program files\Common Files\HP
2010-05-07 16:22 . 2010-05-07 16:18 -------- d-----w- c:\program files\HP
2010-05-07 16:21 . 2010-05-07 16:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 16:20 . 2010-05-07 16:20 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-07 16:13 . 2010-05-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2010-05-07 14:33 . 2010-05-07 14:33 -------- d-----w- c:\program files\ESET
2010-05-07 14:27 . 2010-05-07 14:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-07 14:26 . 2010-05-07 14:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-05-07 14:18 . 2010-05-07 14:18 -------- d-----w- c:\program files\Realtek
2010-05-07 14:12 . 2010-05-07 14:12 -------- d-----w- c:\program files\microsoft frontpage
2010-05-07 14:10 . 2010-05-07 14:10 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-29 13:39 . 2010-05-07 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-05-07 18:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 12:35 305064 ----a-r- d:\hry\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-28 06:54 16248320 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\HRY\\Steam\\Steam.exe"=
"d:\\HRY\\EA GAMES\\Battlefield 2\\BF2.exe"=
"d:\\HRY\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\HRY\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\HRY\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"d:\\HRY\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\HRY\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\HRY\\Empire Interactive\\FlatOut Ultimate Carnage\\Fouc.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9.3.2010 10:13 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9.3.2010 10:13 95872]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9.3.2010 10:13 810120]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7.5.2010 20:43 304464]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7.5.2010 20:43 20952]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.5.2010 17:59 691696]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.5.2010 17:11 136176]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 2:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-06-20 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 13:12]

2010-06-19 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-26 14:28]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 15:11]
.
.
------- Doplňkový sken -------
.
IE: ????3??
IE: ????3??????
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\as9zb8ym.default\
FF - prefs.js: browser.search.selectedEngine - Mapy.cz
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 7070
FF - prefs.js: network.proxy.type - 5
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 14:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:12,de,fa,d4,ae,69,fc,e3,6d,68,c9,be,3d,b0,d6,58,9a,37,cd,5d,04,
46,4c,c4,0c,65,df,01,75,c9,6d,2b,0c,75,9f,51,e0,3d,4c,0a,34,00,58,e2,f7,4a,\
"rkeysecu"=hex:e3,b7,9d,79,2e,64,2e,40,a8,c0,f9,7e,53,d8,ac,b8
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-06-20 14:06:24
ComboFix-quarantined-files.txt 2010-06-20 12:06

Před spuštěním: 6 315 814 912
Po spuštění: 6 269 497 344

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=E9ZVFR

- - End Of File - - 15DFCAE49362BD30A6F3F6CE03F3ACE6

[bledulka]

Tuto složku a soubory v ní jsi znal??
c:\windows\system32\fonts\n022023l.pfm

[Seky97]

Ne.

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\drivers\CFRMD.sys

Driver::
CFRMD

DDS::
IE: ????3??
IE: ????3??????
IE: ????3?? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Admin\Data aplikací\FlashGetBHO\GetAllUrl.htm

RegLock::
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}Ź]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-583907252-515967899-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3*
N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Admin\\Data aplikací\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Tento port si nastavoval sám:
FF - prefs.js: network.proxy.socks_port - 7070
??

[Seky97]

Tento port: FF - prefs.js: network.proxy.socks_port - 7070 ?? jsem si nenastavoval.
Já do portů nelezu .