Please check my log



Re: Please check my log

Post by kudr8 » 16 Sep 2010 18:15

ComboFix log:


ComboFix 10-09-15.02 - Administrator 16.09.2010 17:29:18.3.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.349 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-16 do 2010-09-16 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-12-20 19:41 . 2005-12-20 19:41 8192 --sha-w- c:\windows\o2cLicStore.bin
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\DVDVIDEOSOFT\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"D_V_T"="c:\\dvt.exe" [2006-02-10 3584]
"CARPService"="carpserv.exe" [2002-11-19 4608]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-18 730600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2010-07-29 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HostingClientShortcut.lnk - c:\hosting\client\HostingClient.exe [2010-5-26 81920]
hp instant support.lnk - c:\program files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe [2005-8-15 208896]
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-5-29 323646]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2009-3-3 145736]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-5-29 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shell"="c:\program files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
"TaskTray"="c:\program files\Creative\SBAudigy\TaskBar\CTLTray.exe"
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe"
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"=c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"CARPService"=carpserv.exe
"WINDVDPatch"=CTHELPER.EXE
"CTStartup"=c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hosting\\client\\HostingClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23048:TCP"= 23048:TCP:BitComet 23048 TCP
"23048:UDP"= 23048:UDP:BitComet 23048 UDP
"53:TCP"= 53:TCP:DNSPort
"53:UDP"= 53:UDP:DNSPort
"80:UDP"= 80:UDP:WebPort
"81:TCP"= 81:TCP:WebPort2
"81:UDP"= 81:UDP:WebPort2
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"80:TCP"= 80:TCP:WebPort

R0 42574892;42574892 Boot Guard Driver;c:\windows\system32\drivers\42574892.sys [21.7.2010 12:00 37392]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 42574891;42574891;c:\windows\system32\drivers\42574891.sys [21.7.2010 12:00 128016]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [31.3.2006 22:15 24786]
R1 setup_9.0.0.722_21.07.2010_13-25drv;setup_9.0.0.722_21.07.2010_13-25drv;c:\windows\system32\drivers\4257489.sys [21.7.2010 12:00 315408]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [22.7.2010 11:06 14336]
R2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [28.9.2009 23:41 24645]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [18.5.2010 16:01 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [18.5.2010 16:01 493032]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [26.9.2005 16:47 8576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2009 19:07 135664]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [15.8.2005 17:58 227200]
S3 CEDRIVER55;CEDRIVER55;c:\program files\Cheat Engine\dbk32.sys [13.9.2010 15:00 61056]
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [29.11.2008 19:03 4448]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [31.3.2006 22:15 45534]
S3 tomcat6;tomcat6;c:\hosting\tomcat\bin\tomcat6.exe [20.7.2007 7:20 57344]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [29.11.2008 19:03 3328]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [24.3.2007 14:26 258560]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2009 15:34 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'

2010-09-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-19 09:14]

2010-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 19:34]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]

2010-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: imon.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {05696265-2E64-4DC0-8F18-BF9B1D6C91D1} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT22690 ... hSource=13
FF - component: c:\documents and settings\Radim\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
BHO-{A3CF7606-E683-4375-A372-96B75DA0AEF7} - (no file)
Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\tbZyng.dll
Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-16 17:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):cf,4a,61,2c,3b,58,81,b5,e7,17,cc,45,ac,b8,a3,1a,2c,68,da,68,48,
81,bc,b0,47,19,f3,b7,3a,12,36,0f,92,d9,ad,a3,a5,24,80,6f,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{69157d75-302d-4d4a-b267-5feb0537c483}]
@Denied: (Full) (Everyone)
"Model"=dword:00000102
"Therad"=dword:00000015
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(968)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(2192)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Celkový čas: 2010-09-16 18:13:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-09-16 16:12

Před spuštěním: 5 852 336 128
Po spuštění: 6 957 080 576

- - End Of File - - 9FA57D2BDD79C75631FD839918B73140
jaro3 (Security team member)

Re: Please check my log

Post by jaro3 » 16 Sep 2010 21:21

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following complete text, marked in green, into it:
Note: do not use the SELECT ALL function to select the script.

Code:

KillAll::
File::
c:\program files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
c:\windows\system32\drivers\42574892.sys
c:\windows\system32\drivers\42574891.sys

Driver::
42574892
42574891
EagleXNt
XDva359

Registry::
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shell"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2269050
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML

Firefox::
FF - ProfilePath - c:\documents and settings\Radim\Data aplikací\Mozilla\Firefox\Profiles\ih157vk4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT22690 ... hSource=13

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{69157d75-302d-4d4a-b267-5feb0537c483}]

Choose File -> Save As... and set these parameters:
File name: enter CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all open windows.

Drag the created script CFScript.txt with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop it.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process, plus a new HJT log
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
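The script above singles out two things an analyst looks for in ComboFix's driver/service list: services whose name is a bare number (42574891, 42574892) and services whose image file ComboFix could not find on disk (EagleXNt and XDva359, shown with `--> path [?]`). The Python below is an added example, not code from this forum or from ComboFix: it parses the `Rn name;display;path [date time size]` line format as it appears in the posted log, applies those two checks plus one more (a .sys image registered outside the drivers directory), and runs over a constructed sample copied from the first log, with one benign line (sptd) that no rule should flag.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: driver/service lines quoted from the ComboFix log
# posted above, plus one line (sptd) that no rule should flag.
SAMPLE_LINES = r"""
R0 42574892;42574892 Boot Guard Driver;c:\windows\system32\drivers\42574892.sys [21.7.2010 12:00 37392]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 42574891;42574891;c:\windows\system32\drivers\42574891.sys [21.7.2010 12:00 128016]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2009 15:34 717296]
""".strip().splitlines()

# "R0 name;display;rest": R = running, S = stopped, the digit is the start type.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Image found on disk: "path [date time size]"
PRESENT_RE = re.compile(r"^(?P<path>.+?) \[(?P<date>\S+) (?P<time>\S+) (?P<size>\d+)\]$")
# Image not found: "registered image --> resolved path [?]"
MISSING_RE = re.compile(r"^(?P<image>.+?) --> (?P<path>.+?) \[\?\]$")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    size: Optional[int]   # None when ComboFix reported the file as missing
    file_missing: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = MISSING_RE.match(rest)
    if missing:
        return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                            missing.group("path"), None, True)
    present = PRESENT_RE.match(rest)
    if not present:
        return None
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        present.group("path"), int(present.group("size")), False)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> reasons it deserves a second look (empty dict = nothing flagged)."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        reasons: List[str] = []
        if entry.name.isdigit():
            reasons.append("service name is a bare number rather than a vendor-style name")
        if entry.file_missing:
            reasons.append("service is registered but ComboFix could not find its image file")
        if entry.path.lower().endswith(".sys") and "\\drivers\\" not in entry.path.lower():
            reasons.append("kernel driver image is registered outside the drivers directory")
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

The heuristics are deliberately narrow: a numeric service name or a missing image file is only a reason to look closer, which is exactly how the reply above treats them (the entries are named in the CFScript for removal, everything else in the list is left alone).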


Re: Please check my log

Post by kudr8 » 22 Sep 2010 14:58

ComboFix log:


ComboFix 10-09-21.03 - Administrator 22.09.2010 14:01:59.5.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.347 [GMT 2:00]
Spuštěný z: c:\documents and settings\Radim\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Radim\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\program files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
"c:\windows\system32\drivers\42574891.sys"
"c:\windows\system32\drivers\42574892.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_42574891
-------\Legacy_42574892
-------\Legacy_EAGLEXNT
-------\Legacy_XDVA359
-------\Service_42574891
-------\Service_42574892
-------\Service_EagleXNt
-------\Service_XDva359


((((((((((((((((((((((((( Soubory vytvořené od 2010-08-22 do 2010-09-22 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 12:37 . 2010-06-29 17:00 -------- d-----w- c:\program files\Steam
2010-09-22 12:29 . 2010-08-09 13:28 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-22 10:19 . 2009-12-15 14:25 -------- d-----w- c:\program files\Valve
2010-09-22 07:07 . 2010-09-13 13:00 -------- d-----w- c:\program files\Cheat Engine
2010-09-21 20:29 . 2005-08-15 17:04 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
2010-09-21 20:29 . 2005-08-15 17:04 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000A-00001102-00000004-00511102}.dat
2010-09-11 21:19 . 2010-09-12 07:47 1181696 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2010-09-11 08:29 . 2010-05-17 10:59 -------- d-----w- c:\program files\DVDVIDEOSOFT
2010-09-11 08:29 . 2010-09-11 08:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-09-11 07:06 . 2010-09-11 07:06 178702 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_09_11_08_58_06_small.dmp.zip
2010-09-11 06:58 . 2010-09-11 07:00 1691136 ----a-w- c:\windows\Internet Logs\xDB92.tmp
2010-09-08 14:07 . 2010-08-23 15:56 -------- d-----w- c:\program files\Poker Heaven
2010-09-07 18:29 . 2010-09-07 18:28 1852903 ----a-w- c:\program files\WinRAR.rar
2010-09-07 13:56 . 2010-09-07 13:56 -------- d-----w- c:\program files\Gameforge4D
2010-09-06 19:07 . 2010-07-20 13:44 -------- d-----w- c:\program files\Trend Micro
2010-09-06 18:37 . 2010-09-06 18:37 -------- d-----w- c:\program files\CCleaner
2010-09-05 10:41 . 2010-09-05 10:41 21904 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_09_05_11_09_45_small.dmp.zip
2010-09-05 09:05 . 2010-09-05 09:05 1795474 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-09-01 11:23 . 2010-09-01 11:23 -------- d-----w- c:\program files\Z8Games
2010-08-27 16:43 . 2010-08-27 16:43 -------- d-----w- c:\program files\Internet Download Manager
2010-08-18 17:42 . 2010-08-18 17:42 -------- d-----w- c:\program files\Common Files\Kodak
2010-08-18 17:42 . 2010-08-18 17:42 -------- d-----w- c:\program files\Kodak
2010-08-18 17:40 . 2010-08-18 17:40 -------- d-----w- c:\program files\MSXML 6.0
2010-08-16 21:21 . 2010-08-10 14:51 -------- d-----w- c:\program files\IObit
2010-08-14 08:18 . 2010-08-14 08:19 441344 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2010-08-14 07:56 . 2010-08-14 07:56 148656 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_08_14_09_50_01_small.dmp.zip
2010-08-14 07:56 . 2010-08-14 07:48 175716 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_08_14_09_39_03_small.dmp.zip
2010-08-09 13:25 . 2010-08-09 13:24 -------- d-----w- c:\program files\Metacafe
2010-08-09 10:19 . 2010-08-09 10:13 -------- d-----w- c:\program files\iTunes
2010-08-09 10:15 . 2010-08-09 10:15 -------- d-----w- c:\program files\iPod
2010-08-09 10:15 . 2010-08-09 09:58 -------- d-----w- c:\program files\Common Files\Apple
2010-08-09 10:10 . 2010-08-09 10:06 -------- d-----w- c:\program files\QuickTime
2010-08-09 10:04 . 2010-08-09 10:04 -------- d-----w- c:\program files\Apple Software Update
2010-08-09 10:00 . 2010-08-09 10:00 -------- d-----w- c:\program files\Bonjour
2010-07-28 16:16 . 2010-07-28 16:17 294400 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-07-23 06:33 . 2001-10-25 14:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-07-23 06:33 . 2001-10-25 14:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-07-22 13:28 . 2005-08-15 16:24 80007 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-07-22 13:28 . 2005-08-15 16:24 2410 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-07-22 06:36 . 2010-07-22 06:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-12-15 14:22 . 2009-12-15 14:14 302548481 ----a-w- c:\program files\Counter-Strike1.6(1).exe
2009-12-09 18:49 . 2009-12-09 16:23 733777632 ----a-w- c:\program files\Counter-Strike Source(1).exe
2009-12-09 14:59 . 2009-12-09 14:58 733777632 ---ha-w- c:\program files\Counter-Strike Source.exe
2009-12-09 14:34 . 2009-12-09 14:33 57008 ----a-w- c:\program files\cfgs.rar
2009-11-27 12:41 . 2009-11-27 12:41 997113166 ---ha-w- c:\program files\cs_source.rar
2008-10-16 15:58 . 2008-12-24 19:43 2848436 ----a-w- c:\program files\Landa-Touha.mp3
2008-10-01 10:05 . 2008-12-24 19:43 4001792 ----a-w- c:\program files\Enrique Iglesias - Hero.mp3
2008-08-10 23:08 . 2008-08-10 23:08 978396 ----a-w- c:\program files\BDAXP.cab
2008-08-03 15:36 . 2008-08-03 15:36 137003 ----a-w- c:\program files\bhop2.png
2008-06-13 14:46 . 2008-12-24 19:43 5904863 ----a-w- c:\program files\Chinaski - Vakuum.mp3
2008-05-21 11:28 . 2008-12-24 19:43 3343717 ----a-w- c:\program files\Enrique Iglesias - Escape.mp3
2008-05-21 11:00 . 2008-12-24 19:43 5825885 ----a-w- c:\program files\Falling Slowly.mp3
2008-05-20 07:36 . 2008-12-24 19:43 3190317 ----a-w- c:\program files\Glen Hansard-All the way down.mp3
2008-05-20 07:32 . 2008-12-24 19:43 6467440 ----a-w- c:\program files\Fergie - Big Girls Dont Cry.mp3
2008-04-28 18:24 . 2008-12-24 19:43 5552128 ----a-w- c:\program files\Enrique Iglesias - Ring my bells.mp3
2008-04-28 18:20 . 2008-12-24 19:43 3965306 ----a-w- c:\program files\Enrique Iglesias - 03 - Love to see you cry - 21century.mp3
2008-04-28 18:05 . 2008-12-24 19:43 5574053 ----a-w- c:\program files\Fergie - Wont Let You Fall.mp3
2008-04-28 18:00 . 2008-12-24 19:43 6561752 ----a-w- c:\program files\Fergie.mp3
2005-12-20 19:41 . 2005-12-20 19:41 8192 --sha-w- c:\windows\o2cLicStore.bin
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 09:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\DVDVIDEOSOFT\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-13 39408]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"D_V_T"="c:\\dvt.exe" [2006-02-10 3584]
"CARPService"="carpserv.exe" [2002-11-19 4608]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-20 1043968]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-18 730600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2010-07-29 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TaskTray"="c:\program files\Creative\SBAudigy\TaskBar\CTLTray.exe"
"TaskBar"="c:\program files\Creative\SBAudigy\TaskBar\CTLTask.exe"
"Eyeball Chat"="c:\progra~1\Eyeball\EYEBAL~1\EyeballChat.exe" -min

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"Jet Detection"=c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
"CARPService"=carpserv.exe
"WINDVDPatch"=CTHELPER.EXE
"CTStartup"=c:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Hry\\Need for Speed Underground 2\\speed2.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\hosting\\client\\HostingClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23048:TCP"= 23048:TCP:BitComet 23048 TCP
"23048:UDP"= 23048:UDP:BitComet 23048 UDP
"53:TCP"= 53:TCP:DNSPort
"53:UDP"= 53:UDP:DNSPort
"80:UDP"= 80:UDP:WebPort
"81:TCP"= 81:TCP:WebPort2
"81:UDP"= 81:UDP:WebPort2
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"80:TCP"= 80:TCP:WebPort

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [31.3.2006 22:15 24786]
R1 setup_9.0.0.722_21.07.2010_13-25drv;setup_9.0.0.722_21.07.2010_13-25drv;c:\windows\system32\drivers\4257489.sys [21.7.2010 12:00 315408]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [22.7.2010 11:06 14336]
R2 Apache2.2;Apache2.2;c:\hosting\apache\bin\httpd.exe [28.9.2009 23:41 24645]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30.3.2010 11:16 1107336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [18.5.2010 16:01 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [18.5.2010 16:01 493032]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [26.9.2005 16:47 8576]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.12.2009 19:07 135664]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [15.8.2005 17:58 227200]
S3 CEDRIVER55;CEDRIVER55;c:\program files\Cheat Engine\dbk32.sys [13.9.2010 15:00 61056]
S3 Devx;Devx;c:\windows\system32\drivers\Devx.sys [29.11.2008 19:03 4448]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [31.3.2006 22:15 45534]
S3 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [29.11.2008 19:03 3328]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\drivers\mrv8ka51.sys [24.3.2007 14:26 258560]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4.2.2009 15:34 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' directory

2010-09-22 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-07-19 09:14]

2010-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-13 19:34]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:06]
.
.
------- Supplementary scan -------
.
uSearchAssistant = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Přelož do češtiny - c:\program files\Seznam Bezpecny Internet\SBI.dll/5034
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Hledej v &Seznamu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5033
IE: Hledej v Seznam &Fulltextu - c:\program files\Seznam Bezpecny Internet\SBI.dll/5035
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
LSP: imon.dll
LSP: c:\windows\system32\idmmbc.dll
TCP: {05696265-2E64-4DC0-8F18-BF9B1D6C91D1} = 10.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -

---- FIREFOX SETTINGS ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 14:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(972)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(3004)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Eset\nod32krn.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-22 14:53:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 12:53
ComboFix2.txt 2010-09-16 16:13

Pre-Run: 5 845 049 344
Post-Run: 6 271 827 968

- - End Of File - - D2D2463A694571B47F01B19878AA9983
Seznam: I find there what I don't know; Google: I find there what I'm looking for http://www.google.cz
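An added example, not part of the post or of ComboFix: a small Python triage of the firewall-policy section of a ComboFix log like the one above. It parses the REGEDIT-style dump, reports when Security Center monitoring of the firewall or Windows Firewall notifications have been switched off (the helper's CFScript later in the thread sets DisableMonitoring back to 0), and lists globally open ports that belong to server protocols, which on a home XP box deserve a second look (here 53, 80 and 81, consistent with the Apache/hosting install in the log). The sample lines are copied from the log above; the SERVER_PORTS table is this example's own assumption.

```python
"""Triage of the Windows Firewall policy keys as ComboFix prints them.

Added example for this thread, not part of the post or of ComboFix.
The SAMPLE text below is copied from the log above; SERVER_PORTS is
this example's own assumption about which ports deserve a look.
"""

# Constructed sample: the firewall-related lines from the ComboFix log above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23048:TCP"= 23048:TCP:BitComet 23048 TCP
"23048:UDP"= 23048:UDP:BitComet 23048 UDP
"53:TCP"= 53:TCP:DNSPort
"53:UDP"= 53:UDP:DNSPort
"80:UDP"= 80:UDP:WebPort
"81:TCP"= 81:TCP:WebPort2
"81:UDP"= 81:UDP:WebPort2
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"80:TCP"= 80:TCP:WebPort
"""

# Assumed: server-side ports that should not be open to every network on a workstation.
SERVER_PORTS = {53: "DNS", 80: "HTTP", 81: "HTTP-alt", 443: "HTTPS", 445: "SMB", 3389: "RDP"}


def parse_sections(text):
    """Turn the REGEDIT-style dump into {key_path: {value_name: raw_value}}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            sections[current][name.strip('"')] = value.strip()
    return sections


def dword_value(raw):
    """ComboFix prints DWORDs either as 'dword:00000001' or as '1 (0x1)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return int(raw.split()[0], 0)


def open_ports(sections):
    """Return sorted (port, proto, label) tuples from every GloballyOpenPorts\\List key."""
    ports = []
    for path, values in sections.items():
        if not path.lower().endswith("globallyopenports\\list"):
            continue
        for name, value in values.items():
            port, _, proto = name.partition(":")
            label = value.split(":", 2)[-1].strip()
            ports.append((int(port), proto.upper(), label))
    return sorted(ports)


def triage(text):
    """Return human-readable findings for the firewall-related keys in a ComboFix log."""
    sections = parse_sections(text)
    findings = []
    for path, values in sections.items():
        low = path.lower()
        if "security center\\monitoring\\" in low and dword_value(values.get("DisableMonitoring", "0")) == 1:
            product = path.rsplit("\\", 1)[-1]
            findings.append(f"Security Center monitoring disabled for {product}")
        if low.endswith("firewallpolicy\\standardprofile") and dword_value(values.get("DisableNotifications", "0")) == 1:
            findings.append("Windows Firewall notifications disabled (standard profile)")
    for port, proto, label in open_ports(sections):
        if port in SERVER_PORTS:
            findings.append(f"{port}/{proto} ({label}) globally open: exposes {SERVER_PORTS[port]} on every network")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run it against the firewall section of any ComboFix log; the high BitComet and Akamai ports are reported by open_ports() but not flagged, because the assumed SERVER_PORTS table only covers protocols a workstation normally has no business serving.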

kudr8
Level 1
Posts: 58
Registered: July 10
Gender: Male
Status: Offline

Re: Please check my log

Post by kudr8 » 22 Sep 2010 15:01

And here is the HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:00:56, on 22.9.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\hosting\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\hosting\apache\bin\httpd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: &Seznam Bezpečný Internet - {B71B15CE-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam Bezpecny Internet\SBI.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KodakShareButtonApp] C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HostingClientShortcut.lnk = C:\hosting\client\HostingClient.exe
O4 - Global Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\HP Instant Support DI\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Přelož do češtiny - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5034
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Hledej v &Seznamu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5033
O8 - Extra context menu item: Hledej v Seznam &Fulltextu - res://C:\Program Files\Seznam Bezpecny Internet\SBI.dll/5035
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05696265-2E64-4DC0-8F18-BF9B1D6C91D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{05696265-2E64-4DC0-8F18-BF9B1D6C91D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{05696265-2E64-4DC0-8F18-BF9B1D6C91D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{05696265-2E64-4DC0-8F18-BF9B1D6C91D1}: NameServer = 10.0.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\hosting\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: tomcat6 - Apache Software Foundation - C:\hosting\tomcat\bin\tomcat6.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12845 bytes

jaro3
Security team member
Guru Level 15
Posts: 43297
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my log

Post by jaro3 » 22 Sep 2010 16:22

I recommend uninstalling Software Informer..

Uninstall:
DVDVideoSoft Toolbar

Close the other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab


Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script

Code:

File::
c:\windows\Internet Logs\xDB3.tmp
c:\windows\Internet Logs\xDB92.tmp
c:\windows\Internet Logs\xDB2.tmp
c:\windows\Internet Logs\xDB1.tmp
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
c:\windows\Internet Logs\vsmon_2nd_2010_09_11_08_58_06_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_09_05_11_09_45_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_08_14_09_50_01_small.dmp.zip
c:\windows\Internet Logs\vsmon_2nd_2010_08_14_09_39_03_small.dmp.zip

Registry::
[-HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
[-HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

DDS::
uSearchAssistant = hxxp://search13.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Choose File -> Save as... and set these parameters:
File name: type CFScript.txt here
Save as type: select All files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and drop it when the two files overlap.
- ComboFix starts automatically
- Post the log that appears at the end of the cleaning process here + a new HJT log

Write how the PC is doing: speed, problems..
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
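An added example, not part of the thread, of HijackThis or of ComboFix: a Python script that applies three heuristics to HJT log lines and reproduces part of the fix list in the reply above (the search13.net SearchAssistant, the orphaned URLSearchHook with "(no file)", and the non-Microsoft O16 DPF ActiveX download). The sample lines are copied from the HJT log above; the two trusted-host sets are this example's own assumptions and are not exhaustive. The DVDVideoSoft toolbar and QuickTime entries the helper also fixes are policy calls the script does not try to make.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not part of HijackThis, ComboFix or the
helper's reply. SAMPLE_LOG is copied from the HJT log above; the two
trusted-host sets are this example's own assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample: six lines copied from the HJT log above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
""".strip()

# Assumed allow-lists; tune them for the environment being triaged.
TRUSTED_SEARCH_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "download.microsoft.com"}

LINE_RE = re.compile(r"^(R[0-3]|O\d+) - (.*)$")


def host_of(url):
    """Lower-cased host part of a URL, or '' when the value is not a URL."""
    return (urlparse(url).hostname or "").lower()


def triage_line(line):
    """Return (category, detail) when a line trips a heuristic, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    # R0/R1: IE start and search URLs. Anything not on the allow-list is a hijack candidate.
    if kind in ("R0", "R1") and " = " in body:
        key, _, url = body.rpartition(" = ")
        if url.lower().startswith("http") and host_of(url) not in TRUSTED_SEARCH_HOSTS:
            value_name = key.split(",")[-1]
            return ("search-hijack", f"{value_name} points at {host_of(url)}")
    # R3: a URLSearchHook whose DLL is gone is an orphan and should be fixed.
    if kind == "R3" and body.endswith("(no file)"):
        return ("orphan-hook", "URLSearchHook with no backing DLL")
    # O16: ActiveX downloads (DPF). Only allow-listed origins are left alone.
    if kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if host_of(url) not in TRUSTED_DPF_HOSTS:
            return ("activex-download", f"DPF from {host_of(url) or 'unknown host'}")
    return None


def triage(log):
    """Return (line_number, category, detail) for each line that trips a heuristic."""
    findings = []
    for number, line in enumerate(log.splitlines(), 1):
        hit = triage_line(line)
        if hit:
            findings.append((number, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for number, category, detail in triage(SAMPLE_LOG):
        print(f"line {number}: {category}: {detail}")
```

Feed it a whole HJT log; lines of other types (O2, O4, O23 and so on) pass through untouched, so the output is a short list to check by hand rather than a verdict.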

