COMBO FIX
ComboFix 10-11-21.01 - Administrator 21.11.2010 21:17:23.6.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1438 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý
FILE ::
"d:\windows\Tasks\Norton Security Scan for Administrator.job"
"d:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Data aplikací\Symantec
d:\documents and settings\All Users\Data aplikací\Symantec\symdata.xml
d:\program files\Ask.com
d:\program files\Ask.com\cobrand.ico
d:\program files\Ask.com\config.xml
d:\program files\Ask.com\favicon.ico
d:\program files\Ask.com\fv_4af.ico
d:\program files\Ask.com\GenericAskToolbar.dll
d:\program files\Ask.com\mupcfg.xml
d:\program files\Ask.com\SaUpdate.exe
d:\program files\Ask.com\UpdateTask.exe
d:\program files\Common Files\Symantec Shared
d:\program files\NortonInstaller
d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
d:\windows\system32\drivers\asyncmac.sys . . . chybí !!
d:\windows\system32\drivers\asyncmac.sys . . . chybí !!
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GARENAPENGINE
-------\Service_GarenaPEngine
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-21 do 2010-11-21 )))))))))))))))))))))))))))))))
.
2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-11-21 20:10 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:40 . 2010-10-28 07:40 1187896 ----a-w- d:\program files\ccsetup236.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-11-21 20:10 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
2010-10-23 13:07 . 2010-10-23 13:07 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Need for Speed World
2010-10-23 13:02 . 2010-10-23 13:02 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Electronic_Arts_Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-20 10:03 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-20 10:03 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-20 09:20 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe
[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll
[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll
[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
d:\windows\System32\drivers\asyncmac.sys ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.16.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 20:26 . 2010-11-21 20:26 16384 d:\windows\temp\Perflib_Perfdata_e70.dat
+ 2010-11-21 20:25 . 2010-11-21 20:25 16384 d:\windows\temp\Perflib_Perfdata_560.dat
+ 2010-11-21 18:43 . 2010-11-21 18:43 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-11-02 12:39 . 2010-11-02 12:39 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-21 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
BHO-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
Toolbar-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-21 21:25
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1024)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(2936)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-21 21:28:52 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-21 20:28
ComboFix2.txt 2010-11-21 18:19
Před spuštěním: Volných bajtů: 12 367 466 496
Po spuštění: Volných bajtů: 12 358 090 752
- - End Of File - - E406C70F5AC05B382D597CA64E6413C4
Kontrola logu HJT Vyřešeno
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT Vyřešeno
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:22, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6585 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:22, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6585 bytes
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
find bat
Svazek v jednotce D nemá žádnou jmenovku.
Sériové číslo svazku je 34B2-9F48.
Svazek v jednotce D nemá žádnou jmenovku.
Sériové číslo svazku je 34B2-9F48.
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
VT udělam zitra, ted mam internet off. zatím díky
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43297
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Vt sem potom dodej..
Stáhni si zde:
http://www.edisk.cz/stahni/75319/asyncm ... .16KB.html
rozbal a vyjmi soubor asyncmac.sys a vlož ho do d:\ , takže to bude takto:
d:\asyncmac.sys
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Stáhni si zde:
http://www.edisk.cz/stahni/75319/asyncm ... .16KB.html
rozbal a vyjmi soubor asyncmac.sys a vlož ho do d:\ , takže to bude takto:
d:\asyncmac.sys
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
KillAll::
FCOPY::
d:\asyncmac.sys | d:\windows\system32\drivers\asyncmac.sys
d:\asyncmac.sys | d:\windows\system32\dllcache\asyncmac.sysZvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Zatím VT zde
Od shora dolů všechno
0/ 42 (0.0%)
0/ 43 (0.0%)
0/ 43 (0.0%
0/ 42 (0.0%)
0/ 41 (0.0%)
0/ 43 (0.0%)
Ten explorer jsem nějak nemohl otestovat, to se jak děla, když explorer je vlastně plocha.
Od shora dolů všechno
0/ 42 (0.0%)
0/ 43 (0.0%)
0/ 43 (0.0%
0/ 42 (0.0%)
0/ 41 (0.0%)
0/ 43 (0.0%)
Ten explorer jsem nějak nemohl otestovat, to se jak děla, když explorer je vlastně plocha.
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
ComboFix 10-11-21.01 - Administrator 22.11.2010 16:02:42.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1553 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
.
--------------- FCopy ---------------
d:\asyncmac.sys --> d:\windows\system32\drivers\asyncmac.sys
d:\asyncmac.sys --> d:\windows\system32\dllcache\asyncmac.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\drivers\asyncmac.sys
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\dllcache\asyncmac.sys
2010-11-22 14:35 . 2008-04-14 12:00 14336 ------w- D:\asyncmac.sys
2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-11-21 20:10 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:40 . 2010-10-28 07:40 1187896 ----a-w- d:\program files\ccsetup236.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-11-21 20:10 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 12:32 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-22 12:32 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-22 11:57 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe
[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll
[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll
[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.16.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 d:\windows\temp\Perflib_Perfdata_954.dat
+ 2010-11-22 15:07 . 2010-11-22 15:07 16384 d:\windows\temp\Perflib_Perfdata_51c.dat
+ 2010-11-22 11:51 . 2010-11-22 11:51 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-11-02 12:39 . 2010-11-02 12:39 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-22 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1008)
d:\windows\system32\setupapi.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(3904)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-22 16:11:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-22 15:11
ComboFix2.txt 2010-11-21 20:28
ComboFix3.txt 2010-11-21 18:19
Před spuštěním: Volných bajtů: 12 271 599 616
Po spuštění: Volných bajtů: 12 263 411 712
- - End Of File - - 01ED540450F72CDD523A45318DBC5DA8
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1553 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\program files\ICQ6.5\updates\ICQLRun.exe.f9cb5bbb98c818d0e6c63e8613a6d549
.
--------------- FCopy ---------------
d:\asyncmac.sys --> d:\windows\system32\drivers\asyncmac.sys
d:\asyncmac.sys --> d:\windows\system32\dllcache\asyncmac.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\drivers\asyncmac.sys
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\dllcache\asyncmac.sys
2010-11-22 14:35 . 2008-04-14 12:00 14336 ------w- D:\asyncmac.sys
2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-11-21 20:10 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:40 . 2010-10-28 07:40 1187896 ----a-w- d:\program files\ccsetup236.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-11-21 20:10 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 12:32 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-22 12:32 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-22 11:57 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe
[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll
[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll
[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.16.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00 0 d:\windows\temp\Perflib_Perfdata_954.dat
+ 2010-11-22 15:07 . 2010-11-22 15:07 16384 d:\windows\temp\Perflib_Perfdata_51c.dat
+ 2010-11-22 11:51 . 2010-11-22 11:51 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-11-02 12:39 . 2010-11-02 12:39 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
S3 GGSAFERDriver;GGSAFER Driver;\??\d:\program files\Garena\safedrv.sys --> d:\program files\Garena\safedrv.sys [?]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-22 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1008)
d:\windows\system32\setupapi.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(3904)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-22 16:11:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-22 15:11
ComboFix2.txt 2010-11-21 20:28
ComboFix3.txt 2010-11-21 18:19
Před spuštěním: Volných bajtů: 12 271 599 616
Po spuštění: Volných bajtů: 12 263 411 712
- - End Of File - - 01ED540450F72CDD523A45318DBC5DA8
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43297
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Ten explorer jsem nějak nemohl otestovat, to se jak děla, když explorer je vlastně plocha.
zkopíruj ho do jiného umístění, třeba do dokumentů , a vlož na VT.
Odinstaluj garenu ( pokud jde)..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
d:\windows\system32\drivers\asyncmac.sys
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
zkopíruj ho do jiného umístění, třeba do dokumentů , a vlož na VT.
Odinstaluj garenu ( pokud jde)..
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
d:\program files\ccsetup236.exe
D:\asyncmac.sys
Folder::
d:\program files\Garena
Driver::
GGSAFERDriver
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
d:\windows\system32\drivers\asyncmac.sys
Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Takže výsledek "asyncmac.syc" 0/40
Combo Fix ComboFix 10-11-21.01 - Administrator 22.11.2010 20:02:42.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1555 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý
FILE ::
"D:\asyncmac.sys"
"d:\program files\ccsetup236.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\asyncmac.sys
d:\program files\ccsetup236.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GGSAFERDRIVER
-------\Service_GGSAFERDriver
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\drivers\asyncmac.sys
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\dllcache\asyncmac.sys
2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-11-21 20:10 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-11-21 20:10 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 18:49 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-22 18:49 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-22 17:36 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-28 07:41 . 2010-10-28 07:40 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe
[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll
[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll
[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.16.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-22 19:10 . 2010-11-22 19:10 16384 d:\windows\temp\Perflib_Perfdata_a0c.dat
+ 2010-11-22 19:09 . 2010-11-22 19:09 16384 d:\windows\temp\Perflib_Perfdata_59c.dat
+ 2010-11-22 17:34 . 2010-11-22 17:34 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-11-02 12:39 . 2010-11-02 12:39 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-22 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 20:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1008)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(3732)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-22 20:12:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-22 19:12
ComboFix2.txt 2010-11-22 15:11
ComboFix3.txt 2010-11-21 20:28
ComboFix4.txt 2010-11-21 18:19
Před spuštěním: Volných bajtů: 12 212 527 104
Po spuštění: Volných bajtů: 12 206 931 968
- - End Of File - - D5606D613BAE0736ED1D03332DCB6BDE
Combo Fix ComboFix 10-11-21.01 - Administrator 22.11.2010 20:02:42.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1555 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Administrator\Plocha\CFScript.txt
* Rezidentní štít AV je zapnutý
FILE ::
"D:\asyncmac.sys"
"d:\program files\ccsetup236.exe"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\asyncmac.sys
d:\program files\ccsetup236.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_GGSAFERDRIVER
-------\Service_GGSAFERDriver
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-22 do 2010-11-22 )))))))))))))))))))))))))))))))
.
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\drivers\asyncmac.sys
2010-11-22 15:02 . 2008-04-14 12:00 14336 ----a-w- d:\windows\system32\dllcache\asyncmac.sys
2010-11-21 11:22 . 2010-11-21 11:22 -------- d-----w- D:\rsit
2010-11-18 14:55 . 2008-11-07 17:55 16928 ------w- d:\windows\system32\spmsgXP_2k3.dll
2010-11-13 15:34 . 2010-11-13 15:35 -------- d-----w- d:\program files\PokerStars
2010-11-09 16:38 . 2010-11-09 16:38 -------- d-----w- d:\program files\Microsoft Silverlight
2010-11-07 11:01 . 2010-11-07 11:02 -------- d-----w- d:\program files\PhotoFiltre
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\teamspeak2
2010-11-06 16:18 . 2010-11-06 16:18 34064 ----a-w- d:\windows\system32\lhacm.acm
2010-11-06 16:18 . 2010-11-06 16:18 -------- d-----w- d:\program files\Teamspeak2_RC2
2010-11-02 18:27 . 2010-11-02 18:28 -------- d-----w- d:\program files\ICQ7.2
2010-10-30 19:04 . 2010-10-30 19:04 -------- d-----w- d:\program files\AMR Player
2010-10-28 07:59 . 2010-11-03 14:45 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2010-10-28 07:58 . 2010-10-28 07:58 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\Sunbelt Software
2010-10-28 07:57 . 2010-11-21 20:10 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Lavasoft
2010-10-28 07:40 . 2010-10-28 07:41 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-28 07:29 . 2010-10-28 07:30 133581132 ----a-w- d:\program files\Ad-AwareInstall.exe
2010-10-27 14:10 . 2010-10-27 14:10 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Data aplikací\AOL
2010-10-25 15:50 . 2010-10-25 16:03 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\Nokia
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\All Users\Data aplikací\PC Suite
2010-10-25 15:50 . 2010-10-25 15:50 -------- d-----w- d:\documents and settings\Administrator\Data aplikací\PC Suite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\PCSuite
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Common Files\Nokia
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\DIFX
2010-10-25 15:49 . 2008-08-26 08:26 18816 ----a-w- d:\windows\system32\drivers\pccsmcfd.sys
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\PC Connectivity Solution
2010-10-25 15:49 . 2010-11-21 20:10 -------- dc----w- d:\windows\system32\DRVSTORE
2010-10-25 15:49 . 2010-02-26 12:32 662016 ----a-w- d:\windows\system32\nmwcdcocls.dll
2010-10-25 15:49 . 2010-02-26 12:32 18176 ----a-w- d:\windows\system32\drivers\ccdcmb.sys
2010-10-25 15:49 . 2010-02-26 12:19 1461992 ----a-w- d:\windows\system32\wdfcoinstaller01009.dll
2010-10-25 15:49 . 2010-02-26 12:32 92672 ----a-w- d:\windows\system32\nmwcdcls.dll
2010-10-25 15:49 . 2010-10-25 15:49 -------- d-----w- d:\program files\Nokia
2010-10-25 15:48 . 2010-10-25 15:48 -------- d-----w- d:\documents and settings\All Users\Data aplikací\Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 18:49 . 2010-07-15 18:31 233960 ----a-w- d:\windows\system32\PnkBstrB.xtr
2010-11-22 18:49 . 2009-08-04 09:56 233960 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-11-22 17:36 . 2009-08-04 09:56 138520 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-10-28 07:41 . 2010-10-28 07:40 24202296 ----a-w- d:\program files\chrome_installer.exe
2010-10-21 11:02 . 2009-08-04 09:56 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-10-20 11:09 . 2010-09-13 13:45 22328 ----a-w- d:\documents and settings\Administrator\Data aplikací\PnkBstrK.sys
2010-09-30 13:15 . 2009-08-03 08:52 512096 ----a-w- d:\windows\system32\drivers\amon.sys
2010-09-30 13:15 . 2009-08-03 08:52 298104 ----a-w- d:\windows\system32\imon.dll
2010-09-30 13:15 . 2009-08-03 08:52 15424 ----a-w- d:\windows\system32\drivers\nod32drv.sys
2010-08-13 06:30 . 2010-07-19 13:56 6751816 ----a-w- d:\program files\xfire_installer.exe
2005-06-19 14:16 . 2010-09-12 12:41 6041600 ----a-w- d:\program files\BF2.exe
2008-04-14 06:52 468480 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
2008-04-14 06:52 73728 --sha-w- d:\windows\NiwradSoft Shell Pack\Backup\wmplayer.exe
.
------- Sigcheck -------
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . d:\windows\system32\winlogon.exe
[-] 2008-04-14 . 347A58792F9322CCAB5ED09FAB72803B . 111104 . . [5.4.3790.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wuauclt.exe
[-] 2008-04-14 . 27B06B78F42D195C35ECA9199AF97CB9 . 115712 . . [5.4.3790.5512] . . d:\windows\system32\wuauclt.exe
[-] 2008-04-14 . B06B1E696E8B0117EFF67D91E83574AB . 724992 . . [5.82] . . d:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 244159B19BC4B9B6E3CFE0305049F1C3 . 694784 . . [5.82] . . d:\windows\system32\comctl32.dll
[7] 2008-04-14 . D7B7AE36A2EBA312AC4B53862019B3F5 . 1054208 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-10-25 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . d:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5A80B641C10230FDE03DEAB04DCF5E0D . 3459072 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\mshtml.dll
[-] 2008-04-14 . 07E3ECD608CE9ED9275D4B320E333002 . 3395072 . . [6.00.2900.5512] . . d:\windows\system32\mshtml.dll
[-] 2008-04-14 . 1BC2CBAF4395E7446EC57D1D14C408AD . 2448384 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2008-04-14 . 37993C2479A148B156DD61E17A2E0476 . 2367872 . . [5.1.2600.5512] . . d:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . d:\windows\system32\user32.dll
[-] 2008-04-14 . 5E7011ACCA2C391A9446C201D5848E23 . 812032 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2008-04-14 . 5D2352B05C0F41FFC0A8D4232752E5AC . 777216 . . [6.00.2900.5512] . . d:\windows\system32\wininet.dll
[-] 2008-04-14 . 121A686E3D61D9D45F25C03A1E4EC6D5 . 1541120 . . [6.00.2900.5512] . . d:\windows\explorer.exe
[-] 2008-04-14 . 137A31C90841DB6EF71ABE912E72121E . 1552384 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[7] 2008-04-14 . 21F836AAB269FF644E0E708B794B0DF7 . 1287168 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ole32.dll
[-] 2008-04-14 . 79E4E0BCF353CA222DCCA7DD396F15A9 . 1312256 . . [5.1.2600.5512] . . d:\windows\system32\ole32.dll
[-] 2008-04-14 . D8152865F2A59D765AF8317E38AA5FB4 . 25088 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . d:\windows\system32\ctfmon.exe
[-] 2008-12-19 . AF9671053F8E5272D879A0F0B2E418DD . 2325248 . . [5.1.2600.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2008-12-19 . BB65E17A747BE935D30B142297224DDB . 2244736 . . [5.1.2600.5512] . . d:\windows\system32\ntkrnlpa.exe
[-] 2008-04-14 . E3FB0D4B5717AB8FE3EAC459B72EC6D6 . 468480 . . [6.00.2900.5512] . . d:\windows\NiwradSoft Shell Pack\Backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-21_18.16.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-22 19:10 . 2010-11-22 19:10 16384 d:\windows\temp\Perflib_Perfdata_a0c.dat
+ 2010-11-22 19:09 . 2010-11-22 19:09 16384 d:\windows\temp\Perflib_Perfdata_59c.dat
+ 2010-11-22 17:34 . 2010-11-22 17:34 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2010-11-02 12:39 . 2010-11-02 12:39 5120 d:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"ICQ"="d:\program files\ICQ7.2\ICQ.exe" [2010-11-02 133432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"nod32kui"="d:\program files\Eset\nod32kui.exe" [2010-09-30 949376]
"Reloader"="d:\windows\NiwradSoft Shell Pack\Tools\Reloader.exe" [2009-07-23 364846]
"UpdateReminder"="d:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="d:\program files\steam\steam.exe" -silent
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"CTFMON.EXE"=d:\windows\system32\ctfmon.exe
"Google Update"="d:\documents and settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OODefragTray"=d:\windows\system32\oodtray.exe
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\ICQ7.2\\ICQ.exe"=
"d:\\Program Files\\ICQ7.2\\aolload.exe"=
R0 m5288;m5288;d:\windows\system32\drivers\m5288.sys [31.8.2010 17:03 210304]
R0 Si3124;Si3124;d:\windows\system32\drivers\si3124.sys [19.12.2008 14:14 76208]
R0 Si3531;Si3531;d:\windows\system32\drivers\Si3531.sys [19.12.2008 14:14 210224]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [23.7.2009 9:32 691696]
R1 nod32drv;nod32drv;d:\windows\system32\drivers\nod32drv.sys [3.8.2009 9:52 15424]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [30.9.2010 16:26 20328]
S3 Revoflt;Revoflt;d:\windows\system32\drivers\revoflt.sys [20.2.2010 20:37 27064]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-11-22 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
2009-10-12 d:\windows\Tasks\HPpromotions journeysoftware.job
- d:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: d:\windows\system32\imon.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 20:10
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,19,81,df,cd,88,5f,78,20,04,ab,44,34,07,f2,3e,db,dc,50,28,b6,43,f7,
ab,13,2f,2b,fa,c7,d2,82,1e,21,3b,8c,c7,c4,03,9f,92,f5,ca,f7,82,41,6a,fc,12,\
"??"=hex:1d,5a,02,6e,a1,91,e1,37,80,a6,f8,27,69,5a,ff,b4
[HKEY_USERS\S-1-5-21-1409082233-1417001333-1801674531-500\Software\SecuROM\License information*]
"datasecu"=hex:d4,e4,ae,e9,c9,46,c8,20,09,1e,be,22,fc,7d,14,10,d6,84,2f,54,d0,
49,44,20,25,18,97,35,1f,35,49,39,e6,14,fa,89,fa,ac,87,e0,b9,43,22,2d,fb,15,\
"rkeysecu"=hex:e9,8a,d8,8c,04,8e,0c,6e,28,0d,12,16,3f,d7,c8,fd
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="9942A825F11C18E17EF1E4DFF26DFA58F3F272ED0AD9B2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34529DB7CE019D40AA5C8EDD5E5BE2F6E667079E2EEF457D4BDF4D4864A6B38FB31B9D140EC3BAC672681C7A847EFAF3F3BE0B32B1E1DF96773E8C5D0EE471ECC9E17B072AC2AFD81E89D06ECA2F81166BD61B2410D7343B61CD8374B0B18D13EBD465A6C81EE03D43F8F689AFD347258E09F8CD612959C41AFA85B2FE9C7CB893A5E006D4B8C72763CC636AF3C3E7730A73EBFA61C2A9419388EAB2CB45FDC91E5FF529D9082180E5F36F2300E94187EB093E6BF0A4C3F4298F8E7F12DF9065CCDAB10C0B986E63942D7BBCDDC5F498298FBE5412E18CD49579511BEBB8F7DFC6C9A41C3F86F3231E8EE6B0BD6AE916981FBF5C6DA4AA8BF88496FA1DABBC4092AD62BAED84BBC1957F176D717E4A207527191F502809F8D8C3450709A8AAC21FE105BEB7D99379EF3FF658EF3E830EDDE8A4AEA83D552D1D1FC99C39B65355BE8EA8F25CDF8BB5085C734653F847E7D7F9C08D0C4885729150130DD9EE889CA4B5ED924306F8979DBC7F03DC918CEA49C4D0343140CE3F6765159D3BFCE4716BAAF952F44C747451980ECC6D7F8E897D063A8E73B32CC43343480754A443DB1115F4D721CADC53AA7D9AD88C4D4969A4CF69FCD4C05F646C1F27F6BD39439EF6F08ABB982B5171934B234C651B80635288CBD2F79C67B5EF04318D32A44AAC600DED8D51AC38BFD9B6A943471C3986FBE954D7A48F8E01FECF6B5F94E480AB790ED04EE4A03BE1B14932CBA397BE927E81F8C9C675DF47BC385C76E88AD0F84EECEEF491EC46B0AF5F46E812E81F7D193035D6EEBFA9BAB1C010CFD73BECA350F182EAB90D0B384F2AF412CDFDAB70EFAC88A4CFF07EBF4BC6965C302F476F55C0CC8DE18EFDBAEEAE50B236DCF94A0901734A42A23673D8F68380E03419D3164B92AFB59359AACFC3EBA9CC1AE61BD00BFED34201EBA38F556C1600AC5F7B30D89D18825299B29918E2C8B9620D2995FB33C0EF4B7F5186B770E9C40D58462585B800391680AD562C525946F3D1EE8C5A21860E5713353CCAACBC0E5E8848DA42B59470BB12ACF354DC94E3A35917CBFDDA0C850C0E39100B46445CBD39491AD168F9E2B69873453A26A9A3D70E074F96F52D61669BF9C54C63A8D2DDF54311CB2A446C8CA1FB02D8D9BC3C8B9ED0F4250D3BD2F62B4C85B531073C028EE7CF1D57FD91587CF14283A5E289CE7CBF0280C0F8ABE0EE365DC1DD71850598994D045126F54840B5065C39A98A44DF511D50311F66DDDFF1BC3E1EEBBE52EAEE6195FBADE41DC4DC2E5E4B0E6124BF37521508D99D39B76E78CF296F1DEDA1B5CAB8BFFACBAEA7AE03D417"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(884)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\sfc_os.dll
d:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1008)
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\imon.dll
d:\program files\Eset\pr_imon.dll
d:\windows\system32\psbase.dll
- - - - - - - > 'explorer.exe'(3732)
d:\windows\system32\COMRes.dll
d:\windows\System32\cscui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
d:\windows\system32\WPDShServiceObj.dll
d:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\program files\Eset\nod32krn.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\oodag.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\PnkBstrA.exe
d:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
d:\windows\System32\TUProgSt.exe
d:\windows\system32\RUNDLL32.EXE
d:\windows\RTHDCPL.EXE
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-11-22 20:12:58 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-22 19:12
ComboFix2.txt 2010-11-22 15:11
ComboFix3.txt 2010-11-21 20:28
ComboFix4.txt 2010-11-21 18:19
Před spuštěním: Volných bajtů: 12 212 527 104
Po spuštění: Volných bajtů: 12 206 931 968
- - End Of File - - D5606D613BAE0736ED1D03332DCB6BDE
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:11, on 22.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6648 bytes
Chtěl jsem se zeptat ohledně te Gareny, garenu využivám denně, hraji přes ní pc hry (tedy bratr), když jsem např ve fitku. Je vtom nějaky červ?
Scan saved at 20:17:11, on 22.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\TUProgSt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Eset\nod32kui.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Reloader] D:\WINDOWS\NiwradSoft Shell Pack\Tools\Reloader.exe /S
O4 - HKLM\..\Run: [UpdateReminder] D:\Program Files\Eset\UpdateReminder.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ICQ] "D:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: CiSvc - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - D:\WINDOWS\System32\TUProgSt.exe
--
End of file - 6648 bytes
Chtěl jsem se zeptat ohledně te Gareny, garenu využivám denně, hraji přes ní pc hry (tedy bratr), když jsem např ve fitku. Je vtom nějaky červ?
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43297
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
No , nedoporučuje se , ale chyběl Ti tam stejně soubor...
Jinak si můžeš nainstalovat , hlavní problém je , že jsou v ní díry , kterýma se hackeři dostávají do PC...
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Jinak si můžeš nainstalovat , hlavní problém je , že jsou v ní díry , kterýma se hackeři dostávají do PC...
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
Kód: Vybrat vše
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Administrator\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (file missing)Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
-
warcraftan
- Master Level 7
- Příspěvky: 4902
- Registrován: září 08
- Bydliště: Ostrava
- Pohlaví:
- Stav:
Offline
Re: Kontrola logu HJT
Díky, jako vždy, jsi mi opět pomohl 
"You don't need to say sorry, it's poker" Antonio Esfandiari
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
"Poker actually isn't about winning or losing, poker is about making a right decision" Doyle Brunson
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 72 hostů